cvelistv5 - cve-2018-10822

CVE-2018-10822 (GCVE-0-2018-10822)

Vulnerability from cvelistv5

Published

2018-10-17 14:00

Modified

2024-08-05 07:46

Severity ?

CWE

Summary

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

var-201810-0934

Vulnerability from variot

Directory traversal vulnerability in the web interface on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices allows remote attackers to read arbitrary files via a /.. or // after "GET /uir" in an HTTP request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-6190. plural D-Link The product contains a path traversal vulnerability. DWR-116, DIR-140, DIR-640, etc. are all D-Link router products. D-Link DWR-116, etc. The following products and versions are affected: D-Link DWR-116 1.06 and earlier; DIR-140L 1.02 and earlier; DIR-640L 1.02 and earlier; DWR-512 2.02 and earlier; DWR-712 2.02 and earlier; DWR-912 2.02 and earlier; DWR-921 2.02 and earlier; DWR-111 1.01 and earlier.

PoC: aaaaa a $ curl http://routerip/uir//etc/passwd aaaaa

The vulnerability can be used retrieve administrative password using the other disclosed vulnerability - CVE-2018-10824

This vulnerability was reported previously by Patryk Bogdan in CVE-2017-6190 but he reported it is fixed in certain release but unfortunately it is still present in even newer releases. The vulnerability is also present in other D-Link routers and can be exploited not only (as the original author stated) by double dot but also absolutely using double slash.

2 Password stored in plaintext in several series of D-Link routers aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

CVE: CVE-2018-10824

An issue was discovered on D-Link routers: aC/ DWR-116 through 1.06, aC/ DIR-140L through 1.02, aC/ DIR-640L through 1.02, aC/ DWR-512 through 2.02, aC/ DWR-712 through 2.02, aC/ DWR-912 through 2.02, aC/ DWR-921 through 2.02, aC/ DWR-111 through 1.01, aC/ and probably others with the same type of firmware.

NOTE: I have changed the filename in description to XXX because the vendor leaves some EOL routers unpatched and the attack is too simple.

The administrative password is stored in plaintext in the /tmp/XXX/0 file.

PoC using the directory traversal vulnerability disclosed at the same time - CVE-2018-10822

aaaaa a $ curl http://routerip/uir//tmp/XXX/0 aaaaa

This command returns a binary config file which contains admin username and password as well as many other router configuration settings.

3 Shell command injection in httpd server of a several series of D-Link routers aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaa

CVE: CVE-2018-10823

CVSS v3: 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)

An issue was discovered on D-Link routers: aC/ DWR-116 through 1.06, aC/ DWR-512 through 2.02, aC/ DWR-712 through 2.02, aC/ DWR-912 through 2.02, aC/ DWR-921 through 2.02, aC/ DWR-111 through 1.01, aC/ and probably others with the same type of firmware.

An authenticated attacker may execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals.

PoC: 1. 2. Request the following URL after login: aaaaa a $ curl http://routerip/chkisg.htm%3FSip%3D1.1.1.1%20%7C%20cat%20 %2Fetc%2Fpasswd aaaaa 3. See the passwd file contents in the response.

4 Exploiting all together aaaaaaaaaaaaaaaaaaaaaaaaa

CVSS v3: 10 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Taking all the three together it is easy to gain full router control including arbitrary code execution.

Description with video: [http://sploit.tech/2018/10/12/D-Link.html]

5 Timeline aaaaaaaaaa

aC/ 09.05.2018 - vendor notified aC/ 06.06.2018 - asked vendor about the status because of long vendor response aC/ 22.06.2018 - received a reply that a patch will be released for DWR-116 and DWR-111, for the other devices which are EOL an announcement will be released aC/ 09.09.2018 - still no reply from vendor about the patches or announcement, I have warned the vendor that if I will not get a reply in a month I will publish the disclosure aC/ 12.10.2018 - disclosing the vulnerabilities

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0934",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dir-640l",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.02"
      },
      {
        "model": "dir-140l",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.02"
      },
      {
        "model": "dwr-921",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "2.02"
      },
      {
        "model": "dwr-111",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.01"
      },
      {
        "model": "dwr-912",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "2.02"
      },
      {
        "model": "dwr-116",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.06"
      },
      {
        "model": "dwr-512",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "2.02"
      },
      {
        "model": "dwr-712",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "2.02"
      },
      {
        "model": "dir-140l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.02"
      },
      {
        "model": "dir-640l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.02"
      },
      {
        "model": "dwr-111",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.01"
      },
      {
        "model": "dwr-116",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.06"
      },
      {
        "model": "dwr-512",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "2.02"
      },
      {
        "model": "dwr-712",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "2.02"
      },
      {
        "model": "dwr-912",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "2.02"
      },
      {
        "model": "dwr-921",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "2.02"
      },
      {
        "model": "dwr-116",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "d link",
        "version": "1.06"
      },
      {
        "model": "dir-140l",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "d link",
        "version": "1.02"
      },
      {
        "model": "dir-640l",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "d link",
        "version": "1.02"
      },
      {
        "model": "dwr-512",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "d link",
        "version": "2.02"
      },
      {
        "model": "dwr-712",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "d link",
        "version": "2.02"
      },
      {
        "model": "dwr-912",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "d link",
        "version": "2.02"
      },
      {
        "model": "dwr-921",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "d link",
        "version": "2.02"
      },
      {
        "model": "dwr-111",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "d link",
        "version": "1.01"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-21069"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013709"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-10822"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:d-link:dir-140l_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:d-link:dir-640l_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:d-link:dwr-111_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:d-link:dwr-116_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:d-link:dwr-512_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:d-link:dwr-712_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:d-link:dwr-912_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:d-link:dwr-921_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013709"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Blazej Adamczyk",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "149844"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2018-10822",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2018-10822",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-21069",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-120620",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-10822",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-10822",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-10822",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-10822",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-21069",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201810-1016",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-120620",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-10822",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-21069"
      },
      {
        "db": "VULHUB",
        "id": "VHN-120620"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-10822"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013709"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1016"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-10822"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Directory traversal vulnerability in the web interface on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices allows remote attackers to read arbitrary files via a /.. or // after \"GET /uir\" in an HTTP request.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-6190. plural D-Link The product contains a path traversal vulnerability. DWR-116, DIR-140, DIR-640, etc. are all D-Link router products. D-Link DWR-116, etc. The following products and versions are affected: D-Link DWR-116 1.06 and earlier; DIR-140L 1.02 and earlier; DIR-640L 1.02 and earlier; DWR-512 2.02 and earlier; DWR-712 2.02 and earlier; DWR-912 2.02 and earlier; DWR-921 2.02 and earlier; DWR-111 1.01 and earlier. \n\n  PoC:\n  aaaaa\n  a $ curl http://routerip/uir//etc/passwd\n  aaaaa\n\n  The vulnerability can be used retrieve administrative password using\n  the other disclosed vulnerability - CVE-2018-10824\n\n  This vulnerability was reported previously by Patryk Bogdan in\n  CVE-2017-6190 but he reported it is fixed in certain release but\n  unfortunately it is still present in even newer releases. The\n  vulnerability is also present in other D-Link routers and can be\n  exploited not only (as the original author stated) by double dot but\n  also absolutely using double slash. \n\n\n2 Password stored in plaintext in several series of D-Link routers\naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\n\n  CVE: CVE-2018-10824\n\n  An issue was discovered on D-Link routers:\n  aC/ DWR-116 through 1.06,\n  aC/ DIR-140L through 1.02,\n  aC/ DIR-640L through 1.02,\n  aC/ DWR-512 through 2.02,\n  aC/ DWR-712 through 2.02,\n  aC/ DWR-912 through 2.02,\n  aC/ DWR-921 through 2.02,\n  aC/ DWR-111 through 1.01,\n  aC/ and probably others with the same type of firmware. \n\n  NOTE: I have changed the filename in description to XXX because the\n  vendor leaves some EOL routers unpatched and the attack is too\nsimple. \n\n  The administrative password is stored in plaintext in the /tmp/XXX/0\n  file. \n\n  PoC using the directory traversal vulnerability disclosed at the same\n  time - CVE-2018-10822\n\n  aaaaa\n  a $ curl http://routerip/uir//tmp/XXX/0\n  aaaaa\n\n  This command returns a binary config file which contains admin\n  username and password as well as many other router configuration\n  settings. \n\n\n3 Shell command injection in httpd server of a several series of D-Link \nrouters\naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\naaaaaaaa\n\n  CVE: CVE-2018-10823\n\n  CVSS v3: 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)\n\n  An issue was discovered on D-Link routers:\n  aC/ DWR-116 through 1.06,\n  aC/ DWR-512 through 2.02,\n  aC/ DWR-712 through 2.02,\n  aC/ DWR-912 through 2.02,\n  aC/ DWR-921 through 2.02,\n  aC/ DWR-111 through 1.01,\n  aC/ and probably others with the same type of firmware. \n\n  An authenticated attacker may execute arbitrary code by injecting the\n  shell command into the chkisg.htm page Sip parameter. This allows for\n  full control over the device internals. \n\n  PoC:\n  1. \n  2. Request the following URL after login:\n     aaaaa\n     a $ curl http://routerip/chkisg.htm%3FSip%3D1.1.1.1%20%7C%20cat%20\n%2Fetc%2Fpasswd\n     aaaaa\n  3. See the passwd file contents in the response. \n\n\n4 Exploiting all together\naaaaaaaaaaaaaaaaaaaaaaaaa\n\n  CVSS v3: 10 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n  Taking all the three together it is easy to gain full router control\n  including arbitrary code execution. \n\n  Description with video: [http://sploit.tech/2018/10/12/D-Link.html]\n\n\n5 Timeline\naaaaaaaaaa\n\n  aC/ 09.05.2018 - vendor notified\n  aC/ 06.06.2018 - asked vendor about the status because of long vendor\n    response\n  aC/ 22.06.2018 - received a reply that a patch will be released for\n    DWR-116 and DWR-111, for the other devices which are EOL an\n    announcement will be released\n  aC/ 09.09.2018 - still no reply from vendor about the patches or\n    announcement, I have warned the vendor that if I will not get a\n    reply in a month I will publish the disclosure\n  aC/ 12.10.2018 - disclosing the vulnerabilities\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-10822"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013709"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-21069"
      },
      {
        "db": "VULHUB",
        "id": "VHN-120620"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-10822"
      },
      {
        "db": "PACKETSTORM",
        "id": "149844"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-10822",
        "trust": 3.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013709",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1016",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-21069",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-120620",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-10822",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "149844",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-21069"
      },
      {
        "db": "VULHUB",
        "id": "VHN-120620"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-10822"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013709"
      },
      {
        "db": "PACKETSTORM",
        "id": "149844"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1016"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-10822"
      }
    ]
  },
  "id": "VAR-201810-0934",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-21069"
      },
      {
        "db": "VULHUB",
        "id": "VHN-120620"
      }
    ],
    "trust": 1.3574404912499998
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-21069"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:59:19.845000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.dlink.lt/en/"
      },
      {
        "title": "D-Link router httpdserver directory traversal vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/142543"
      },
      {
        "title": "Kenzer Templates [5170] [DEPRECATED]",
        "trust": 0.1,
        "url": "https://github.com/ARPSyndicate/kenzer-templates "
      },
      {
        "title": "The Register",
        "trust": 0.1,
        "url": "https://www.theregister.co.uk/2018/10/17/dlink_security_flaws/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-21069"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-10822"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013709"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-120620"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013709"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-10822"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "http://sploit.tech/2018/10/12/d-link.html"
      },
      {
        "trust": 2.5,
        "url": "https://seclists.org/fulldisclosure/2018/oct/36"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10822"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10822"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/22.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/arpsyndicate/kenzer-templates"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6190"
      },
      {
        "trust": 0.1,
        "url": "http://routerip/uir//tmp/xxx/0"
      },
      {
        "trust": 0.1,
        "url": "http://sploit.tech/"
      },
      {
        "trust": 0.1,
        "url": "http://routerip/uir//etc/passwd"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10824"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10823"
      },
      {
        "trust": 0.1,
        "url": "http://sploit.tech/2018/10/12/d-link.html]"
      },
      {
        "trust": 0.1,
        "url": "http://routerip/chkisg.htm%3fsip%3d1.1.1.1%20%7c%20cat%20"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-21069"
      },
      {
        "db": "VULHUB",
        "id": "VHN-120620"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-10822"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013709"
      },
      {
        "db": "PACKETSTORM",
        "id": "149844"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1016"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-10822"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-21069"
      },
      {
        "db": "VULHUB",
        "id": "VHN-120620"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-10822"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013709"
      },
      {
        "db": "PACKETSTORM",
        "id": "149844"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1016"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-10822"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-21069"
      },
      {
        "date": "2018-10-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-120620"
      },
      {
        "date": "2018-10-17T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-10822"
      },
      {
        "date": "2019-02-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-013709"
      },
      {
        "date": "2018-10-18T03:47:09",
        "db": "PACKETSTORM",
        "id": "149844"
      },
      {
        "date": "2018-10-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201810-1016"
      },
      {
        "date": "2018-10-17T14:29:00.663000",
        "db": "NVD",
        "id": "CVE-2018-10822"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-21069"
      },
      {
        "date": "2019-01-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-120620"
      },
      {
        "date": "2023-11-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-10822"
      },
      {
        "date": "2019-02-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-013709"
      },
      {
        "date": "2019-02-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201810-1016"
      },
      {
        "date": "2024-11-21T03:42:05.497000",
        "db": "NVD",
        "id": "CVE-2018-10822"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1016"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  D-Link Product vulnerable to path traversal",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013709"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "path traversal",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1016"
      }
    ],
    "trust": 0.6
  }
}

fkie_cve-2018-10822

Vulnerability from fkie_nvd

Published

2018-10-17 14:29

Modified

2024-11-21 03:42

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
cve@mitre.org	http://sploit.tech/2018/10/12/D-Link.html	Exploit
cve@mitre.org	https://seclists.org/fulldisclosure/2018/Oct/36	Exploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://sploit.tech/2018/10/12/D-Link.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/fulldisclosure/2018/Oct/36	Exploit, Mailing List, Third Party Advisory

Impacted products

Vendor	Product	Version
dlink	dwr-116_firmware	*
dlink	dwr-116	-
dlink	dir-140l_firmware	*
dlink	dir-140l	-
dlink	dir-640l_firmware	*
dlink	dir-640l	-
dlink	dwr-512_firmware	*
dlink	dwr-512	-
dlink	dwr-712_firmware	*
dlink	dwr-712	-
dlink	dwr-912_firmware	*
dlink	dwr-921	-
dlink	dwr-921_firmware	*
dlink	dwr-921	-
dlink	dwr-111_firmware	*
dlink	dwr-111	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dwr-116_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B75F8993-E3DE-4E8E-A202-F65B73BCBE4B",
              "versionEndIncluding": "1.06",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dwr-116:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B307E277-9C31-4D69-B4E2-4FE28B2E2AE3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dir-140l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB18157B-E01A-436D-BE12-67F98EED68E3",
              "versionEndIncluding": "1.02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dir-140l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB31E266-B075-42EA-891D-B4EB8E800091",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dir-640l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5749C6C-2149-4BE0-971D-B01897BEC22D",
              "versionEndIncluding": "1.02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dir-640l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "420C6BC9-082D-47D7-9612-553B3B8EEBBA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dwr-512_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "41CAC2C7-FAC8-48DA-B28E-8112209B8898",
              "versionEndIncluding": "2.02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dwr-512:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "90DE6771-50FB-492D-B931-193BB9286B52",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dwr-712_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB35A612-8DBD-46BD-80C5-4CA982D414C6",
              "versionEndIncluding": "2.02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dwr-712:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F45AFE88-4369-4CD5-BFC0-69AF3DF0A77A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dwr-912_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "37FEC076-CCD2-4153-9E49-50F6BE0E4F8E",
              "versionEndIncluding": "2.02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dwr-921:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "43F0390E-B9E1-463A-A08C-B529778EE72F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dwr-921_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "98B01219-1B35-45CF-AD67-53E59C5A2C99",
              "versionEndIncluding": "2.02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dwr-921:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "43F0390E-B9E1-463A-A08C-B529778EE72F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dwr-111_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "16948147-16DB-4365-A4EC-3F5B4298B564",
              "versionEndIncluding": "1.01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dwr-111:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3B810AA-0D3A-439F-8AD9-D42CB368343B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in the web interface on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices allows remote attackers to read arbitrary files via a /.. or // after \"GET /uir\" in an HTTP request.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-6190."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en la interfaz web en dispositivos D-Link DWR-116 hasta la versi\u00f3n 1.06, DIR-140L hasta la versi\u00f3n 1.02, DIR-640L hasta la versi\u00f3n 1.02, DWR-512 hasta la versi\u00f3n 2.02, DWR-712 hasta la versi\u00f3n 2.02, DWR-912 hasta la versi\u00f3n 2.02, DWR-921 hasta la versi\u00f3n 2.02 y DWR-111 hasta la versi\u00f3n 1.01 permite que atacantes remotos lean archivos arbitrarios mediante /.. o // tras \"GET /uir\" en una petici\u00f3n HTTP. NOTA: Esta vulnerabilidad existe debido a una soluci\u00f3n incorrecta para CVE-2017-6190."
    }
  ],
  "id": "CVE-2018-10822",
  "lastModified": "2024-11-21T03:42:05.497",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-10-17T14:29:00.663",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://sploit.tech/2018/10/12/D-Link.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/fulldisclosure/2018/Oct/36"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://sploit.tech/2018/10/12/D-Link.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/fulldisclosure/2018/Oct/36"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2018-10822

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2018-10822

Aliases

CVE-2018-10822

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-10822",
    "description": "Directory traversal vulnerability in the web interface on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices allows remote attackers to read arbitrary files via a /.. or // after \"GET /uir\" in an HTTP request.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-6190.",
    "id": "GSD-2018-10822",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2018-10822"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-10822"
      ],
      "details": "Directory traversal vulnerability in the web interface on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices allows remote attackers to read arbitrary files via a /.. or // after \"GET /uir\" in an HTTP request.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-6190.",
      "id": "GSD-2018-10822",
      "modified": "2023-12-13T01:22:41.471292Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2018-10822",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Directory traversal vulnerability in the web interface on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices allows remote attackers to read arbitrary files via a /.. or // after \"GET /uir\" in an HTTP request.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-6190."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20181012 Multiple vulnerabilities in D-Link routers",
            "refsource": "FULLDISC",
            "url": "https://seclists.org/fulldisclosure/2018/Oct/36"
          },
          {
            "name": "http://sploit.tech/2018/10/12/D-Link.html",
            "refsource": "MISC",
            "url": "http://sploit.tech/2018/10/12/D-Link.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dwr-116_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.06",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dwr-116:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-140l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.02",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-140l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-640l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.02",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-640l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dwr-512_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.02",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dwr-512:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dwr-712_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.02",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dwr-712:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dwr-912_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.02",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dwr-921:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dwr-921_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.02",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dwr-921:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dwr-111_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.01",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dwr-111:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-10822"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in the web interface on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices allows remote attackers to read arbitrary files via a /.. or // after \"GET /uir\" in an HTTP request.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-6190."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20181012 Multiple vulnerabilities in D-Link routers",
              "refsource": "FULLDISC",
              "tags": [
                "Exploit",
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://seclists.org/fulldisclosure/2018/Oct/36"
            },
            {
              "name": "http://sploit.tech/2018/10/12/D-Link.html",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://sploit.tech/2018/10/12/D-Link.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-11-08T22:46Z",
      "publishedDate": "2018-10-17T14:29Z"
    }
  }
}

ghsa-qr3w-mv9r-8gf8

Vulnerability from github

Published

2022-05-14 01:39

Modified

2022-05-14 01:39

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-10822"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-17T14:29:00Z",
    "severity": "HIGH"
  },
  "details": "Directory traversal vulnerability in the web interface on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices allows remote attackers to read arbitrary files via a /.. or // after \"GET /uir\" in an HTTP request.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-6190.",
  "id": "GHSA-qr3w-mv9r-8gf8",
  "modified": "2022-05-14T01:39:32Z",
  "published": "2022-05-14T01:39:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10822"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/fulldisclosure/2018/Oct/36"
    },
    {
      "type": "WEB",
      "url": "http://sploit.tech/2018/10/12/D-Link.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

cnvd-2018-21069

Vulnerability from cnvd

Title

D-Link路由器httpd server目录遍历漏洞

Description

DWR-116、DIR-140、DIR-640等均是D-Link公司路由器产品。 D-Link路由器多个系列httpd server存在目录遍历漏洞，允许远程攻击者通过HTTP请求中的“GET / uir”之后的/ ..或//读取任意文件。

Severity

高

Patch Name

D-Link路由器httpd server目录遍历漏洞的补丁

Patch Description

DWR-116、DIR-140、DIR-640等均是D-Link公司路由器产品。 D-Link路由器多个系列httpd server存在目录遍历漏洞，允许远程攻击者通过HTTP请求中的“GET / uir”之后的/ ..或//读取任意文件。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可联系供应商获得补丁信息： http://www.dlink.com/

Reference

https://seclists.org/fulldisclosure/2018/Oct/36

Impacted products

Name
['D-Link DWR-116 <1.06', 'D-Link DIR-140L <1.02', 'D-Link DIR-640L <1.02', 'D-Link DWR-512 <2.02', 'D-Link DWR-712 <2.02', 'D-Link DWR-912 <2.02', 'D-Link DWR-921 <2.02', 'D-Link DWR-111 <1.01']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-10822"
    }
  },
  "description": "DWR-116\u3001DIR-140\u3001DIR-640\u7b49\u5747\u662fD-Link\u516c\u53f8\u8def\u7531\u5668\u4ea7\u54c1\u3002\r\n\r\nD-Link\u8def\u7531\u5668\u591a\u4e2a\u7cfb\u5217httpd server\u5b58\u5728\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7HTTP\u8bf7\u6c42\u4e2d\u7684\u201cGET / uir\u201d\u4e4b\u540e\u7684/ ..\u6216//\u8bfb\u53d6\u4efb\u610f\u6587\u4ef6\u3002",
  "discovererName": "Blazej Adamczyk",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://www.dlink.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-21069",
  "openTime": "2018-10-17",
  "patchDescription": "DWR-116\u3001DIR-140\u3001DIR-640\u7b49\u5747\u662fD-Link\u516c\u53f8\u8def\u7531\u5668\u4ea7\u54c1\u3002\r\n\r\nD-Link\u8def\u7531\u5668\u591a\u4e2a\u7cfb\u5217httpd server\u5b58\u5728\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7HTTP\u8bf7\u6c42\u4e2d\u7684\u201cGET / uir\u201d\u4e4b\u540e\u7684/ ..\u6216//\u8bfb\u53d6\u4efb\u610f\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "D-Link\u8def\u7531\u5668httpd server\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "D-Link DWR-116 \u003c1.06",
      "D-Link DIR-140L \u003c1.02",
      "D-Link DIR-640L \u003c1.02",
      "D-Link DWR-512 \u003c2.02",
      "D-Link DWR-712 \u003c2.02",
      "D-Link DWR-912 \u003c2.02",
      "D-Link DWR-921 \u003c2.02",
      "D-Link DWR-111 \u003c1.01"
    ]
  },
  "referenceLink": "https://seclists.org/fulldisclosure/2018/Oct/36",
  "serverity": "\u9ad8",
  "submitTime": "2018-10-17",
  "title": "D-Link\u8def\u7531\u5668httpd server\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2018-10822 (GCVE-0-2018-10822)

Vulnerability from cvelistv5

var-201810-0934

Vulnerability from variot

fkie_cve-2018-10822

Vulnerability from fkie_nvd

gsd-2018-10822

Vulnerability from gsd

ghsa-qr3w-mv9r-8gf8

Vulnerability from github

cnvd-2018-21069

Vulnerability from cnvd

Tags

Sightings

Nomenclature