CVE-2018-10823
CVE-2018-10823
Vexday Risk Score
82Fix now
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 78.2%KEV nãoPoC públicaNuclei simMetasploit —Patch —
Lifecycle
12 Oct 2018Public PoC
17 Oct 2018Published on NVD
Recommendation: Patch as soon as possible — active exploitation confirmed.
An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. An authenticated attacker may execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/45676unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.