Lucene search

MitreCVE-2018-20674

HistoryJan 09, 2019 - 12:29 a.m.

CVE-2018-20674

2019-01-0900:29:00

mitre

web.nvd.nist.gov

d-link

dir-822

dir-850l

dir-880l

authenticated

remote command execution

cve-2018-20674

nvd

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.002

Percentile

53.9%

JSON

D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authenticated remote command execution.

Affected configurations

Nvd

Node

dlinkdir-822_firmwareRange≤3.10b06

AND

dlinkdir-822Match-

Node

dlinkdir-822-us_firmwareRange≤3.10b06

AND

dlinkdir-822-usMatch-

Node

dlinkdir-850l_firmwareRange≤1.21b07

AND

dlinkdir-850lMatch-

Node

dlinkdir-850l_firmwareRange≤2.21b01

dlinkdir-850l_firmwareMatch2.22b02beta

AND

dlinkdir-850lMatch-

Node

dlinkdir-880l_firmwareRange≤1.07.b08

dlinkdir-880l_firmwareMatch1.20b01beta

AND

dlinkdir-880lMatch-

VendorProductVersionCPE
dlinkdir-822_firmware*cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*
dlinkdir-822-cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*
dlinkdir-822-us_firmware*cpe:2.3:o:dlink:dir-822-us_firmware:*:*:*:*:*:*:*:*
dlinkdir-822-us-cpe:2.3:h:dlink:dir-822-us:-:*:*:*:*:*:*:*
dlinkdir-850l_firmware*cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*
dlinkdir-850l-cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*
dlinkdir-850l_firmware2.22b02cpe:2.3:o:dlink:dir-850l_firmware:2.22b02:beta:*:*:*:*:*:*
dlinkdir-880l_firmware*cpe:2.3:o:dlink:dir-880l_firmware:*:*:*:*:*:*:*:*
dlinkdir-880l_firmware1.20b01cpe:2.3:o:dlink:dir-880l_firmware:1.20b01:beta:*:*:*:*:*:*
dlinkdir-880l-cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dlink	dir-822_firmware	*	cpe:2.3:o:dlink:dir-822_firmware::::::::
dlink	dir-822	-	cpe:2.3:h:dlink:dir-822:-:::::::*
dlink	dir-822-us_firmware	*	cpe:2.3:o:dlink:dir-822-us_firmware::::::::
dlink	dir-822-us	-	cpe:2.3:h:dlink:dir-822-us:-:::::::*
dlink	dir-850l_firmware	*	cpe:2.3:o:dlink:dir-850l_firmware::::::::
dlink	dir-850l	-	cpe:2.3:h:dlink:dir-850l:-:::::::*
dlink	dir-850l_firmware	2.22b02	cpe:2.3:o:dlink:dir-850l_firmware:2.22b02:beta::::::
dlink	dir-880l_firmware	*	cpe:2.3:o:dlink:dir-880l_firmware::::::::
dlink	dir-880l_firmware	1.20b01	cpe:2.3:o:dlink:dir-880l_firmware:1.20b01:beta::::::
dlink	dir-880l	-	cpe:2.3:h:dlink:dir-880l:-:::::::*

References

securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10101

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.002

Percentile

53.9%

JSON

Related for CVE-2018-20674