Dir-818Lw Firmware Security Vulnerabilities and Issues — Dir-818Lw Firmware CVE List

cve

CVE-2018-20114

On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 devices, unauthenticated remote OS command execution can occur in the soap.cgi service of the cgibin binary via an "&&" substring in the service parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-6530.

9.8CVSS

9.7AI Score

0.936EPSS

2019-01-02 06:29 PM

33

In Wild

cve

CVE-2019-12786

An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. There is a command injection in HNAP1 SetWanSettings via an XML injection of the value of the IPAddress key.

8.8CVSS

8.9AI Score

0.001EPSS

2019-06-10 06:29 PM

40

cve

CVE-2019-12787

An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. There is a command injection in HNAP1 SetWanSettings via an XML injection of the value of the Gateway key.

8.8CVSS

8.9AI Score

0.003EPSS

2019-06-10 06:29 PM

32

cve

CVE-2019-13481

An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the MTU field to SetWanSettings.

8.8CVSS

8.9AI Score

0.002EPSS

2019-07-10 08:15 PM

122

cve

CVE-2019-13482

An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Type field to SetWanSettings.

8.8CVSS

8.9AI Score

0.002EPSS

2019-07-10 08:15 PM

128