On D-Link DAP-1530 (A1) before firmware version 1.06b01, DAP-1610 (A1) before firmware version 1.06b01, DWR-111 (A1) before firmware version 1.02v02, DWR-116 (A1) before firmware version 1.06b03, DWR-512 (B1) before firmware version 2.02b01, DWR-711 (A1) through firmware version 1.11, DWR-712 (B1) before firmware version 2.04b01, DWR-921 (A1) before firmware version 1.02b01, and DWR-921 (B1) before firmware version 2.03b01, there exists an EXCU_SHELL file in the web directory. By sending a GET request with specially crafted headers to the /EXCU_SHELL URI, an attacker could execute arbitrary shell commands in the root context on the affected device. Other devices might be affected as well.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-04-11T15:22:44
Updated: 2019-04-11T19:41:38
Reserved: 2018-11-15T00:00:00
Link: CVE-2018-19300
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-04-11T16:29:00.620
Modified: 2023-04-26T19:27:52.350
Link: CVE-2018-19300
JSON object: View
Redhat Information
No data.
CWE