Vulnerabilities (CVE)

Filtered by vendor Dlink Subscribe
Filtered by product Dir-818lw Firmware
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-13482 1 Dlink 2 Dir-818lw, Dir-818lw Firmware 2024-11-21 9.0 HIGH 8.8 HIGH
An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Type field to SetWanSettings.
CVE-2019-13481 1 Dlink 2 Dir-818lw, Dir-818lw Firmware 2024-11-21 9.0 HIGH 8.8 HIGH
An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the MTU field to SetWanSettings.
CVE-2019-12787 1 Dlink 2 Dir-818lw, Dir-818lw Firmware 2024-11-21 6.5 MEDIUM 8.8 HIGH
An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. There is a command injection in HNAP1 SetWanSettings via an XML injection of the value of the Gateway key.
CVE-2019-12786 1 Dlink 2 Dir-818lw, Dir-818lw Firmware 2024-11-21 6.5 MEDIUM 8.8 HIGH
An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. There is a command injection in HNAP1 SetWanSettings via an XML injection of the value of the IPAddress key.
CVE-2018-20114 1 Dlink 4 Dir-818lw, Dir-818lw Firmware, Dir-860l and 1 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 devices, unauthenticated remote OS command execution can occur in the soap.cgi service of the cgibin binary via an "&&" substring in the service parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-6530.