Sign-up

ID

VAR-201801-1837


TITLE

D-Link DIR 615/645/815 service.cgi Remote Command Execution Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-01084

DESCRIPTION

D-LinkDIR615/645/815 is a wireless router product from D-Link. A remote command execution vulnerability exists in D-Link DIR615/645/815 Router 1.03 and previous firmware versions. The vulnerability is caused by the splicing of the data in the HTTP POST request in service.cgi, causing the background commands to be spliced, resulting in arbitrary commands.

Trust: 0.6

sources: CNVD: CNVD-2018-01084

IOT TAXONOMY

category:['IoT', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-01084

AFFECTED PRODUCTS

vendor:d linkmodel:dirscope:eqversion:615

Trust: 0.6

vendor:d linkmodel:dirscope:eqversion:645

Trust: 0.6

vendor:d linkmodel:dirscope:eqversion:815

Trust: 0.6

sources: CNVD: CNVD-2018-01084

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2018-01084
value: HIGH

Trust: 0.6

CNVD: CNVD-2018-01084
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2018-01084

PATCH

title:D-LinkDIR615/645/815service.cgi patch for remote command execution vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/113581

Trust: 0.6

sources: CNVD: CNVD-2018-01084

EXTERNAL IDS

db:PACKETSTORMid:145859

Trust: 0.6

db:CNVDid:CNVD-2018-01084

Trust: 0.6

sources: CNVD: CNVD-2018-01084

REFERENCES

url:https://packetstormsecurity.com/files/145859/dlinkroutersservice-exec.txt

Trust: 0.6

sources: CNVD: CNVD-2018-01084

SOURCES

db:CNVDid:CNVD-2018-01084

LAST UPDATE DATE

2022-05-17T02:01:04.176000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2018-01084date:2018-01-17T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2018-01084date:2018-01-17T00:00:00