CVE-2018-10822 Information

Description

Directory traversal vulnerability in the web interface on D-Link DWR-116 through 1.06 DIR-140L through 1.02 DIR-640L through 1.02 DWR-512 through 2.02 DWR-712 through 2.02 DWR-912 through 2.02 DWR-921 through 2.02 and DWR-111 through 1.01 devices allows remote attackers to read arbitrary files via a /.. or // after \GET /uir\ in an HTTP request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-6190.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

http://sploit.tech/2018/10/12/D-Link.html https://seclists.org/fulldisclosure/2018/Oct/36

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

7.5