Is CVE-2018-10823 actively exploited?

CVE-2018-10823 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2018-10823?

CVE-2018-10823 has a CVSS score of 8.8 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

How do I patch CVE-2018-10823?

Patch guidance is available from dlink security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2018-10823.

Fix CVE-2018-10823 - HIGH dlink dwr-116 firmware

Q: Which products are affected by CVE-2018-10823?

4 products: dlink dwr-116 firmware, dlink dwr-512 firmware, dlink dwr-912 firmware, dlink dwr-111 firmware.

Description

An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. An authenticated attacker may execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: low
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-78 · OS Command Injection

Metadata

Primary Vendor: DLINK
Published: 10/17/2018
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

dlink : dwr-116_firmwaredlink : dwr-512_firmwaredlink : dwr-912_firmwaredlink : dwr-111_firmware

Remediation Guidance

Executive Summary

View on NIST NVD