CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-20114

On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 devices, unauthenticated remote OS command execution can occur in the soap.cgi service of the cgibin binary via an "&&" substring in the service parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-6530.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.086

EPSS Ranking 91.9%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 10.0

References

https://github.com/pr0v3rbs/CVE/tree/master/CVE-2018-20114
https://github.com/pr0v3rbs/CVE/tree/master/CVE-2018-20114

Products affected by CVE-2018-20114

Dlink » Dir-818lw » Version: N/A

cpe:2.3:h:dlink:dir-818lw:-
Dlink » Dir-860l » Version: N/A

cpe:2.3:h:dlink:dir-860l:-
Dlink » Dir-818lw Firmware » Version: 2.05.b03

cpe:2.3:o:dlink:dir-818lw_firmware:2.05.b03
Dlink » Dir-860l Firmware » Version: 2.03.b03

cpe:2.3:o:dlink:dir-860l_firmware:2.03.b03

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-20114

Products

Pricing

Contact Us