CVE-2018-10822

high-risk

Published 2018-10-17

Directory traversal vulnerability in the web interface on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices allows remote attackers to read arbitrary files via a /.. or // after "GET /uir" in an HTTP request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-6190.

Do I need to act?

86.7% chance of exploitation in next 30 days

EPSS score — higher than 13% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

45678

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (8)

Dwr-116 Firmware

Dir-140L Firmware

Dir-640L Firmware

Dwr-512 Firmware

Dwr-712 Firmware

Dwr-912 Firmware

Dwr-921 Firmware

Dwr-111 Firmware

Affected Vendors

Dlink

References (4)

Exploit http://sploit.tech/2018/10/12/D-Link.html

Exploit https://seclists.org/fulldisclosure/2018/Oct/36

Exploit http://sploit.tech/2018/10/12/D-Link.html

Exploit https://seclists.org/fulldisclosure/2018/Oct/36

/ 100

high-risk

Severity 26/34 · High

Exploitability 20/34 · Moderate

Exposure 14/34 · Moderate