CVE-2018-6530

Опубликовано: 06 мар. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Критический

Описание

OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.

Ссылки

ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf
Release Notes
Vendor Advisory
ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf
Release Notes
Vendor Advisory
ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf
Release Notes
Vendor Advisory
ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf
Release Notes
Vendor Advisory
https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto
Exploit
Third Party Advisory
ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf
Release Notes
Vendor Advisory
ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf
Release Notes
Vendor Advisory
ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf
Release Notes
Vendor Advisory
ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf
Release Notes
Vendor Advisory
https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto
Exploit
Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-6530
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:dlink:dir-860l_firmware:*:*:*:*:*:*:*:*

Версия до 1.10b04 (включая)

cpe:2.3:h:dlink:dir-860l:a1:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*

Версия до 1.08b01 (включая)

cpe:2.3:h:dlink:dir-865l:a1:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*

Версия до 1.12b04 (включая)

cpe:2.3:h:dlink:dir-868l:a1:*:*:*:*:*:*:*

Конфигурация 4

Одновременно

cpe:2.3:o:dlink:dir-880l_firmware:*:*:*:*:*:*:*:*

Версия до 1.08b04 (включая)

cpe:2.3:h:dlink:dir-880l:a1:*:*:*:*:*:*:*

EPSS

Процентиль: 100%

0.94294

Критический

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-j95f-33m4-87jf

CVSS3: 9.8

github

больше 3 лет назад

BDU:2018-00550

CVSS3: 9.8

fstec

больше 8 лет назад

Уязвимость функции soapcgi_main сценария soap.cgi микропрограммного обеспечения маршрутизаторов D-Link DIR-868L, DIR-865L, DIR-880L и DIR-860L, позволяющая нарушителю выполнять произвольные команды операционной системы

EPSS

Процентиль: 100%

0.94294

Критический

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-78