Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Dir\-818lw_firmware
(Dlink)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 5 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-06-10 | CVE-2019-12787 | An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. There is a command injection in HNAP1 SetWanSettings via an XML injection of the value of the Gateway key. | Dir\-818lw_firmware | 8.8 | ||
| 2019-07-10 | CVE-2019-13482 | An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Type field to SetWanSettings. | Dir\-818lw_firmware | 8.8 | ||
| 2019-07-10 | CVE-2019-13481 | An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the MTU field to SetWanSettings. | Dir\-818lw_firmware | 8.8 | ||
| 2019-06-10 | CVE-2019-12786 | An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. There is a command injection in HNAP1 SetWanSettings via an XML injection of the value of the IPAddress key. | Dir\-818lw_firmware | 8.8 | ||
| 2019-01-02 | CVE-2018-20114 | On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 devices, unauthenticated remote OS command execution can occur in the soap.cgi service of the cgibin binary via an "&&" substring in the service parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-6530. | Dir\-818lw_firmware, Dir\-860l_firmware | 9.8 |