cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2019-13482,https://securityvulnerability.io/vulnerability/CVE-2019-13482,Command Injection Vulnerability in D-Link DIR-818LW Devices,"A command injection vulnerability exists in D-Link DIR-818LW devices running firmware version 2.06betab01. The issue arises in the HNAP1 protocol, which is vulnerable to exploitation through shell metacharacters in the Type field when configuring WAN settings. An attacker with authenticated access could leverage this flaw to execute arbitrary commands on the device, potentially compromising the network.",D-Link,Dir-818lw Firmware,8.8,HIGH,0.010599999688565731,false,,false,false,false,,,false,false,,2019-07-10T19:53:39.000Z,0
CVE-2019-13481,https://securityvulnerability.io/vulnerability/CVE-2019-13481,Command Injection Vulnerability in D-Link DIR-818LW Devices,"A command injection vulnerability was found in D-Link DIR-818LW devices with specific firmware. By exploiting shell metacharacters in the MTU field during the SetWanSettings configuration, an attacker can generate arbitrary commands, which could compromise the device's integrity. Proper safeguards against such command injections are essential for maintaining network security and safeguarding against unauthorized access.",D-Link,Dir-818lw Firmware,8.8,HIGH,0.010599999688565731,false,,false,false,false,,,false,false,,2019-07-10T19:53:29.000Z,0
CVE-2019-12787,https://securityvulnerability.io/vulnerability/CVE-2019-12787,Command Injection Vulnerability in D-Link DIR-818LW Devices,A command injection vulnerability exists on D-Link DIR-818LW devices within the HNAP1 SetWanSettings function. This exploitation allows attackers to inject malicious commands through an XML injection targeting the Gateway key value. Affected versions range from 2.05.B03 to 2.06B01 BETA. Users of these devices should implement immediate updates and review their security configurations to mitigate potential risks.,D-Link,Dir-818lw Firmware,8.8,HIGH,0.014630000106990337,false,,false,false,false,,,false,false,,2019-06-10T17:49:38.000Z,0
CVE-2019-12786,https://securityvulnerability.io/vulnerability/CVE-2019-12786,Command Injection Vulnerability in D-Link Router Products,"A command injection vulnerability has been identified in D-Link DIR-818LW routers, specifically affecting versions from 2.05.B03 to 2.06B01 BETA. This issue is related to the HNAP1 SetWanSettings functionality, where an attacker could exploit an XML injection flaw in the IPAddress parameter. Successful exploitation allows an unauthorized user to execute arbitrary commands on the device, potentially compromising the integrity and confidentiality of the network.",D-Link,Dir-818lw Firmware,8.8,HIGH,0.0017800000496208668,false,,false,false,false,,,false,false,,2019-06-10T17:49:30.000Z,0
CVE-2018-19987,https://securityvulnerability.io/vulnerability/CVE-2018-19987,Command Injection Vulnerability in D-Link Routers,"Certain D-Link router models are susceptible to command injection due to inadequate validation of input parameters in the SetAccessPointMode function. Specifically, the IsAccessPoint parameter can be manipulated, allowing an attacker to inject shell commands into the system. This can lead to unauthorized access and control over the device, as shell metacharacters may be included within an XML message targeting the vulnerable endpoint.",D-link,Dir-818lw Firmware,9.8,CRITICAL,0.7918699979782104,false,,false,false,true,2020-11-19T23:01:11.000Z,true,false,false,,2019-05-13T13:23:33.000Z,0
CVE-2018-19986,https://securityvulnerability.io/vulnerability/CVE-2018-19986,Remote Port Parameter Vulnerability in D-Link Routers,"The vulnerability in D-Link DIR-818LW and DIR-822 routers arises from the improper handling of the RemotePort parameter in the /HNAP1/SetRouterSettings message. Without adequate regex validation, crafted XML messages can potentially allow attackers to inject shell metacharacters into the system configuration. This loophole can lead to significant security concerns, as it enables raw command execution through the device, putting users' networks at risk.",D-link,Dir-818lw Firmware,9.8,CRITICAL,0.09487999975681305,false,,false,false,false,,,false,false,,2019-05-13T13:22:05.000Z,0
CVE-2018-20114,https://securityvulnerability.io/vulnerability/CVE-2018-20114,,"On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 devices, unauthenticated remote OS command execution can occur in the soap.cgi service of the cgibin binary via an ""&&"" substring in the service parameter.  NOTE: this issue exists because of an incomplete fix for CVE-2018-6530.",D-Link,Dir-818lw Firmware,9.8,CRITICAL,0.007960000075399876,false,,false,false,false,,,false,false,,2019-01-02T18:00:00.000Z,0