Published on August 24th, 2019 📆 | 3245 Views ⚑0
D-Link DIR-823G V1.0.2B05 HNAP1 SetWanSettings MaxIdTime command injection
|CVSS Meta Temp Score||Current Exploit Price (≈)|
A vulnerability classified as critical has been found in D-Link DIR-823G V1.0.2B05 (Router Operating System). Affected is the function
SetWanSettings of the component HNAP1. The manipulation of the argument
MaxIdTime as part of a Shell Metacharacter leads to a privilege escalation vulnerability (Command Injection). CWE is classifying the issue as CWE-88. This is going to have an impact on confidentiality, integrity, and availability.
The weakness was disclosed 08/23/2019. This vulnerability is traded as CVE-2019-15527 since 08/23/2019. Technical details are known, but there is no available exploit. The structure of the vulnerability defines a possible price range of USD $5k-$25k at the moment (estimation calculated on 08/24/2019).
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
VulDB Meta Base Score: 5.5
VulDB Meta Temp Score: 5.5
Status: Not defined
Price Prediction: 🔍
Current Price Estimation: 🔒
0-Day unlock unlock unlock unlock Today unlock unlock unlock unlock
0-Day Time: 🔒
08/23/2019 Advisory disclosed Use the official API to access entries easily!
08/23/2019 +0 days CVE assigned
08/24/2019 +1 days VulDB entry created
08/24/2019 +0 days VulDB last updateVendor: dlink.com
CVE: CVE-2019-15527 (🔒)
See also: 🔒Created: 08/24/2019 11:05 AM
Use the official API to access entries easily!