CVE-2018-10823
Summary
| CVE | CVE-2018-10823 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-10-17 14:29:00 UTC |
| Updated | 2023-11-08 22:46:00 UTC |
| Description | An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. An authenticated attacker may execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals. |
Risk And Classification
Problem Types: CWE-78
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | D-link | Dwr-111 | - | All | All | All |
| Hardware | D-link | Dwr-111 | - | All | All | All |
| Operating System | D-link | Dwr-111 Firmware | All | All | All | All |
| Hardware | D-link | Dwr-116 | - | All | All | All |
| Hardware | D-link | Dwr-116 | - | All | All | All |
| Operating System | D-link | Dwr-116 Firmware | All | All | All | All |
| Hardware | D-link | Dwr-512 | - | All | All | All |
| Hardware | D-link | Dwr-512 | - | All | All | All |
| Operating System | D-link | Dwr-512 Firmware | All | All | All | All |
| Hardware | D-link | Dwr-912 | - | All | All | All |
| Hardware | D-link | Dwr-912 | - | All | All | All |
| Operating System | D-link | Dwr-912 Firmware | All | All | All | All |
| Hardware | D-link | Dwr-921 | - | All | All | All |
| Hardware | Dlink | Dwr-111 | - | All | All | All |
| Operating System | Dlink | Dwr-111 Firmware | All | All | All | All |
| Hardware | Dlink | Dwr-116 | - | All | All | All |
| Operating System | Dlink | Dwr-116 Firmware | All | All | All | All |
| Hardware | Dlink | Dwr-512 | - | All | All | All |
| Operating System | Dlink | Dwr-512 Firmware | All | All | All | All |
| Operating System | Dlink | Dwr-912 Firmware | All | All | All | All |
| Hardware | Dlink | Dwr-921 | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| D-Link routers - full takeover | MISC | sploit.tech | Exploit, Third Party Advisory |
| Full Disclosure: Multiple vulnerabilities in D-Link routers | FULLDISC | seclists.org | Exploit, Mailing List, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.