Sign-up

ID

VAR-201908-0340


CVE

CVE-2019-15529


TITLE

D-Link DIR-823G Command injection vulnerability in device firmware

Trust: 0.8

sources: JVNDB: JVNDB-2019-008235

DESCRIPTION

An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Username field to Login. D-Link DIR-823G The device firmware contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-Link DIR-823G is a wireless router from D-Link Corporation of Taiwan, China. A command injection vulnerability exists in the D-Link DIR-823G. The vulnerability stems from the external input data constructing executable commands, and the network system or product fails to properly filter the special elements. An attacker could exploit the vulnerability to execute an illegal command

Trust: 2.34

sources: NVD: CVE-2019-15529 // JVNDB: JVNDB-2019-008235 // CNVD: CNVD-2019-30426 // VULHUB: VHN-147584 // VULMON: CVE-2019-15529

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-30426

AFFECTED PRODUCTS

vendor:dlinkmodel:dir-823gscope:eqversion:1.0.2b05

Trust: 1.0

vendor:d linkmodel:dir-823gscope:eqversion:1.0.2b05

Trust: 0.8

vendor:d linkmodel:dir-823g 1.0.2b05scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2019-30426 // JVNDB: JVNDB-2019-008235 // NVD: CVE-2019-15529

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15529
value: HIGH

Trust: 1.0

NVD: CVE-2019-15529
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-30426
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201908-1912
value: MEDIUM

Trust: 0.6

VULHUB: VHN-147584
value: HIGH

Trust: 0.1

VULMON: CVE-2019-15529
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-15529
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-30426
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-147584
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-15529
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-30426 // VULHUB: VHN-147584 // VULMON: CVE-2019-15529 // JVNDB: JVNDB-2019-008235 // CNNVD: CNNVD-201908-1912 // NVD: CVE-2019-15529

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

problemtype:CWE-77

Trust: 0.9

sources: VULHUB: VHN-147584 // JVNDB: JVNDB-2019-008235 // NVD: CVE-2019-15529

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-1912

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201908-1912

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-008235

PATCH
title:Top Pageurl:http://www.dlink.lt/en/
Trust: 0.8
title:vulnerability-laburl:https://github.com/pen4uin/vulnerability-lab 
Trust: 0.1
title:Vulnerability_Researchurl:https://github.com/pen4uin/Vulnerability_Research 
Trust: 0.1
title: - url:https://github.com/pen4uin/awesome-vulnerability-research 
Trust: 0.1
title: - url:https://github.com/pen4uin/vulnerability-research-list 
Trust: 0.1
title:SecBooksurl:https://github.com/SexyBeast233/SecBooks 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2019-15529 // 
            
            
            
            JVNDB: JVNDB-2019-008235

EXTERNAL IDS
db:NVDid:CVE-2019-15529
Trust: 3.2
db:JVNDBid:JVNDB-2019-008235
Trust: 0.8
db:CNNVDid:CNNVD-201908-1912
Trust: 0.7
db:CNVDid:CNVD-2019-30426
Trust: 0.6
db:NSFOCUSid:44175
Trust: 0.6
db:VULHUBid:VHN-147584
Trust: 0.1
db:VULMONid:CVE-2019-15529
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-30426 // 
            
            
            
            VULHUB: VHN-147584 // 
            
            
            
            VULMON: CVE-2019-15529 // 
            
            
            
            JVNDB: JVNDB-2019-008235 // 
            
            
            
            CNNVD: CNNVD-201908-1912 // 
            
            
            
            NVD: CVE-2019-15529

REFERENCES
url:https://github.com/teamseri0us/pocs/blob/master/iot/dlink/823g-102b05-1.pdf
Trust: 2.6
url:https://nvd.nist.gov/vuln/detail/cve-2019-15529
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15529
Trust: 0.8
url:http://www.nsfocus.net/vulndb/44175
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/78.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://github.com/pen4uin/vulnerability-lab
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-30426 // 
            
            
            
            VULHUB: VHN-147584 // 
            
            
            
            VULMON: CVE-2019-15529 // 
            
            
            
            JVNDB: JVNDB-2019-008235 // 
            
            
            
            CNNVD: CNNVD-201908-1912 // 
            
            
            
            NVD: CVE-2019-15529

SOURCES
db:CNVDid:CNVD-2019-30426
db:VULHUBid:VHN-147584
db:VULMONid:CVE-2019-15529
db:JVNDBid:JVNDB-2019-008235
db:CNNVDid:CNNVD-201908-1912
db:NVDid:CVE-2019-15529

LAST UPDATE DATE
2024-11-23T22:16:55.850000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-30426date:2019-09-05T00:00:00
db:VULHUBid:VHN-147584date:2020-08-24T00:00:00
db:VULMONid:CVE-2019-15529date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-008235date:2019-08-28T00:00:00
db:CNNVDid:CNNVD-201908-1912date:2020-10-28T00:00:00
db:NVDid:CVE-2019-15529date:2024-11-21T04:28:56.443

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-30426date:2019-08-30T00:00:00
db:VULHUBid:VHN-147584date:2019-08-23T00:00:00
db:VULMONid:CVE-2019-15529date:2019-08-23T00:00:00
db:JVNDBid:JVNDB-2019-008235date:2019-08-28T00:00:00
db:CNNVDid:CNNVD-201908-1912date:2019-08-23T00:00:00
db:NVDid:CVE-2019-15529date:2019-08-23T17:15:13.917