cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2019-13482,https://securityvulnerability.io/vulnerability/CVE-2019-13482,,An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Type field to SetWanSettings.,D-Link,Dir-818lw Firmware,8.8,HIGH,0.010599999688565731,false,false,false,false,,false,false,2019-07-10T19:53:39.000Z,0
CVE-2019-13481,https://securityvulnerability.io/vulnerability/CVE-2019-13481,,An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the MTU field to SetWanSettings.,D-Link,Dir-818lw Firmware,8.8,HIGH,0.010599999688565731,false,false,false,false,,false,false,2019-07-10T19:53:29.000Z,0
CVE-2019-12787,https://securityvulnerability.io/vulnerability/CVE-2019-12787,,An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. There is a command injection in HNAP1 SetWanSettings via an XML injection of the value of the Gateway key.,D-Link,Dir-818lw Firmware,8.8,HIGH,0.014630000106990337,false,false,false,false,,false,false,2019-06-10T17:49:38.000Z,0
CVE-2019-12786,https://securityvulnerability.io/vulnerability/CVE-2019-12786,,An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. There is a command injection in HNAP1 SetWanSettings via an XML injection of the value of the IPAddress key.,D-Link,Dir-818lw Firmware,8.8,HIGH,0.0017800000496208668,false,false,false,false,,false,false,2019-06-10T17:49:30.000Z,0
CVE-2018-19987,https://securityvulnerability.io/vulnerability/CVE-2018-19987,,"D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A 1.21B02_BETA devices mishandle IsAccessPoint in /HNAP1/SetAccessPointMode. In the SetAccessPointMode.php source code, the IsAccessPoint parameter is saved in the ShellPath script file without any regex checking. After the script file is executed, the command injection occurs. A vulnerable /HNAP1/SetAccessPointMode XML message could have shell metacharacters in the IsAccessPoint element such as the `telnetd` string.",D-link,Dir-818lw Firmware,9.8,CRITICAL,0.7918699979782104,false,false,false,true,true,false,false,2019-05-13T13:23:33.000Z,0
CVE-2018-19986,https://securityvulnerability.io/vulnerability/CVE-2018-19986,,"In the /HNAP1/SetRouterSettings message, the RemotePort parameter is vulnerable, and the vulnerability affects D-Link DIR-818LW Rev.A 2.05.B03 and DIR-822 B1 202KRb06 devices. In the SetRouterSettings.php source code, the RemotePort parameter is saved in the $path_inf_wan1.""/web"" internal configuration memory without any regex checking. And in the IPTWAN_build_command function of the iptwan.php source code, the data in $path_inf_wan1.""/web"" is used with the iptables command without any regex checking. A vulnerable /HNAP1/SetRouterSettings XML message could have shell metacharacters in the RemotePort element such as the `telnetd` string.",D-link,Dir-818lw Firmware,9.8,CRITICAL,0.09487999975681305,false,false,false,false,,false,false,2019-05-13T13:22:05.000Z,0
CVE-2018-20114,https://securityvulnerability.io/vulnerability/CVE-2018-20114,,"On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 devices, unauthenticated remote OS command execution can occur in the soap.cgi service of the cgibin binary via an ""&&"" substring in the service parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-6530.",D-Link,Dir-818lw Firmware,9.8,CRITICAL,0.007960000075399876,false,false,false,false,,false,false,2019-01-02T18:00:00.000Z,0