#VU67064 OS Command Injection in D-Link products - CVE-2018-6530
Vulnerability identifier: #VU67064
Vulnerability risk: High
CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID:
CWE-ID:
CWE-78
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
DIR-880L
Hardware solutions /
Routers & switches, VoIP, GSM, etc
DIR-868L
Hardware solutions /
Routers & switches, VoIP, GSM, etc
DIR-860L
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Dir-865L
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Vendor: D-Link
Description
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the service parameter within the soap.cgi (soapcgi_main in cgibin). A remote unauthenticated attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
DIR-880L: 1.08B04
DIR-868L: 112b04
DIR-860L: 110b04
Dir-865L: 1.08.B01
External links
https:httpftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf
ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf
ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf
ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf
https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
