CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-20056

An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. There is a stack-based buffer overflow allowing remote attackers to execute arbitrary code without authentication via the goform/formLanguageChange currTime parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.464

EPSS Ranking 97.5%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://github.com/WhooAmii/whooamii.github.io/blob/master/2018/DIR-619%20stack%20overflow.md
https://github.com/WhooAmii/whooamii.github.io/blob/master/2018/DIR-619%20stack%20overflow.md

Products affected by CVE-2018-20056

Dlink » Dir-605l » Version: N/A

cpe:2.3:h:dlink:dir-605l:-
Dlink » Dir-619l » Version: N/A

cpe:2.3:h:dlink:dir-619l:-
D-Link » Dir-605l Firmware » Version: 2.12b1

cpe:2.3:o:d-link:dir-605l_firmware:2.12b1
D-Link » Dir-619l Firmware » Version: 2.06b1

cpe:2.3:o:d-link:dir-619l_firmware:2.06b1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-20056

Products

Pricing

Contact Us