vulnerability

D-Link DIR (CVE-2018-6530): D-Link Multiple Routers OS Command Injection Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	03/06/2018	07/01/2024	07/03/2024

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

03/06/2018

Added

07/01/2024

Modified

07/03/2024

Description

OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.

Solution

dlink-retire-device

References

CVE-2018-6530
https://attackerkb.com/topics/CVE-2018-6530
URL-ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today