Main Vulnerability Database Exploits ID:5984 - Exploit for OS command injection in D-Link products - CVE-2018-10823

ID:5984 - Exploit for OS command injection in D-Link products - CVE-2018-10823

Published: June 17, 2021

Vulnerability identifier: #VU15390

Vulnerability risk: High

CVE-ID: CVE-2018-10823

CWE-ID: CWE-78

Exploitation vector: Remote access

Vulnerable software:
DWR-111
DWR-921
DWR-912
DWR-712
DWR-512
DWR-116

Link to public exploit:

https://www.exploit-db.com/exploits/45676/

Vulnerability description

The vulnerability allows a remote authenticated attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to insufficient sanitization of user-supplied data within the chkisg.htm page Sip parameter. A remote authenticated attacker can inject and execute arbitrary code with elevated privileges.

Remediation

Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.

ID:5984 - Exploit for OS command injection in D-Link products - CVE-2018-10823

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human