CVE-2018-5371
Description
diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 and ME_1.00, and DSL-2540U devices with firmware ME_1.00, allows authenticated remote attackers to execute arbitrary OS commands via shell metacharacters in the ipaddr field of an HTTP GET request.
- CVSS Version 3.0
- CVSS Version 2.0
nvd
CVE ID: CVE-2018-5371
Base Score: 8.8
Base Severity: HIGH
Vector String:CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd
CVE ID: CVE-2018-5371
Base Score: 9.0
Base Severity: HIGH
Vector String:AV:N/AC:L/Au:S/C:C/I:C/A:C
Refrence: NVD