VAR-201902-0144
Vulnerability from variot - Updated: 2024-11-23 23:11An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body, such as a body of ' /bin/telnetd' for the GetDeviceSettingsset API function. Consequently, an attacker can execute any command remotely when they control this input. D-Link DIR-823G Device firmware includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Multiple D-Link Products are prone to a command-injection vulnerability. Failed exploit attempts will likely result in denial-of-service conditions. D-Link DIR-823G is a wireless router made by Taiwan D-Link Company. There is an operating system command injection vulnerability in D-Link DIR-823G using version 1.02B03 firmware. The vulnerability comes from the fact that the network system or product does not correctly filter special characters, commands, etc. in the process of constructing executable commands of the operating system from external input data
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201902-0144",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-823g",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.02b03"
},
{
"model": "dir-823g",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "1.02b03"
},
{
"model": "dir-823g 1.02b03",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "dir-823g 1.02b01",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "dir-823g 1.01b02",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "dir-823g 1.00b02",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "106814"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001586"
},
{
"db": "NVD",
"id": "CVE-2019-7298"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:d-link:dir-823g_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001586"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "David Chen (360 Enterprise Security Group)",
"sources": [
{
"db": "BID",
"id": "106814"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-003"
}
],
"trust": 0.9
},
"cve": "CVE-2019-7298",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2019-7298",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-158733",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2019-7298",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-7298",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-7298",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-003",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-158733",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-7298",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158733"
},
{
"db": "VULMON",
"id": "CVE-2019-7298"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001586"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-003"
},
{
"db": "NVD",
"id": "CVE-2019-7298"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body, such as a body of \u0027 /bin/telnetd\u0027 for the GetDeviceSettingsset API function. Consequently, an attacker can execute any command remotely when they control this input. D-Link DIR-823G Device firmware includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Multiple D-Link Products are prone to a command-injection vulnerability. Failed exploit attempts will likely result in denial-of-service conditions. D-Link DIR-823G is a wireless router made by Taiwan D-Link Company. There is an operating system command injection vulnerability in D-Link DIR-823G using version 1.02B03 firmware. The vulnerability comes from the fact that the network system or product does not correctly filter special characters, commands, etc. in the process of constructing executable commands of the operating system from external input data",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7298"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001586"
},
{
"db": "BID",
"id": "106814"
},
{
"db": "VULHUB",
"id": "VHN-158733"
},
{
"db": "VULMON",
"id": "CVE-2019-7298"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-7298",
"trust": 2.9
},
{
"db": "BID",
"id": "106814",
"trust": 2.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001586",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201902-003",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-158733",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-7298",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158733"
},
{
"db": "VULMON",
"id": "CVE-2019-7298"
},
{
"db": "BID",
"id": "106814"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001586"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-003"
},
{
"db": "NVD",
"id": "CVE-2019-7298"
}
]
},
"id": "VAR-201902-0144",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-158733"
}
],
"trust": 0.6777243399999999
},
"last_update_date": "2024-11-23T23:11:55.783000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.dlink.com/en/consumer"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001586"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158733"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001586"
},
{
"db": "NVD",
"id": "CVE-2019-7298"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "https://github.com/leonw7/d-link/blob/master/vul_2.md"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/106814"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7298"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7298"
},
{
"trust": 0.3,
"url": "http://www.dlink.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158733"
},
{
"db": "VULMON",
"id": "CVE-2019-7298"
},
{
"db": "BID",
"id": "106814"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001586"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-003"
},
{
"db": "NVD",
"id": "CVE-2019-7298"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-158733"
},
{
"db": "VULMON",
"id": "CVE-2019-7298"
},
{
"db": "BID",
"id": "106814"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001586"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-003"
},
{
"db": "NVD",
"id": "CVE-2019-7298"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-01T00:00:00",
"db": "VULHUB",
"id": "VHN-158733"
},
{
"date": "2019-02-01T00:00:00",
"db": "VULMON",
"id": "CVE-2019-7298"
},
{
"date": "2019-02-01T00:00:00",
"db": "BID",
"id": "106814"
},
{
"date": "2019-03-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001586"
},
{
"date": "2019-02-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-003"
},
{
"date": "2019-02-01T06:29:00.193000",
"db": "NVD",
"id": "CVE-2019-7298"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-05T00:00:00",
"db": "VULHUB",
"id": "VHN-158733"
},
{
"date": "2019-02-05T00:00:00",
"db": "VULMON",
"id": "CVE-2019-7298"
},
{
"date": "2019-02-01T00:00:00",
"db": "BID",
"id": "106814"
},
{
"date": "2019-03-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001586"
},
{
"date": "2019-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-003"
},
{
"date": "2024-11-21T04:47:57.343000",
"db": "NVD",
"id": "CVE-2019-7298"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-003"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DIR-823G In device firmware OS Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001586"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-003"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…