CVE-2018-10967

{"id": "CVE-2018-10967", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": true, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2018-05-18T14:29:00.217", "references": [{"url": "https://fortiguard.com/zeroday/FG-VD-18-060", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can forge an HTTP request to inject operating system commands that can be executed on the device with higher privileges, aka remote code execution."}, {"lang": "es", "value": "En los dispositivos D-Link DIR-550A y DIR-604M hasta la versi\u00f3n v2.10KR, un usuario malicioso puede falsificar una petici\u00f3n HTTP para inyectar comandos del sistema operativo que pueden ejecutarse en el dispositivo con mayores privilegios. Esto tambi\u00e9n se conoce como ejecuci\u00f3n remota de c\u00f3digo."}], "lastModified": "2023-04-26T18:55:30.893", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:d-link:dir-550a_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A31BAD0-5EF3-4EE2-A809-555D20BA6998", "versionEndIncluding": "2.10kr"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-550a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "05DF8AB4-B180-4A72-88B1-86C7D79195BD"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:d-link:dir-604m_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3606EB18-F09B-4D5E-BB25-68E51E30E384", "versionEndIncluding": "2.10kr"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-604m:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FE4DA1F5-4A48-491E-8763-81D0CAA45B9C"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}