Unrated severity · NVD Advisory · Published Jan 9, 2019 · Updated Sep 16, 2024

CVE-2018-20674


Description

Authenticated remote command execution vulnerability in multiple D-Link routers allows LAN-based attackers to execute arbitrary commands.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.


Vulnerability

An authenticated remote command execution vulnerability exists in the web-GUI configuration interface of several D-Link router models. The affected devices include DIR-822 C1 (firmware v3.10B06 and older), DIR-822-US C1 (firmware v3.10B06 and older), DIR-850L A* (firmware v1.21B07 and older), DIR-850L B* (firmware v2.22B02Beta and older), and DIR-880L A* (firmware v1.20B01Beta and older), as described in the D-Link advisory [1]. The vulnerability allows an authenticated user to execute arbitrary commands on the device.

Exploitation

An attacker must have valid credentials to the web-GUI configuration interface, which is accessible only from the LAN side (WAN access is disabled by default) [1]. With authenticated access, the attacker can send crafted requests to trigger command execution, leading to full control of the device.

Impact

Successful exploitation grants the attacker remote command execution with root privileges, allowing complete compromise of the router, including data exfiltration, network manipulation, and potential pivoting to internal networks.

Mitigation

The vendor released fixed firmware versions: v3.11B01Beta for DIR-822 C1 and DIR-822-US C1, v1.21B08Beta for DIR-850L Rev. A, v2.22B03Beta for DIR-850L Rev. B, and v1.20B02Beta for DIR-880L Rev. A [1]. Users should update to these versions. No workarounds are available; updating firmware is the only mitigation.
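To apply the version boundaries above to an asset inventory, the following added example (not code from D-Link or from this advisory) classifies a device by model, hardware revision and firmware string. It assumes firmware strings follow the `vMAJOR.MINORB<build>[Beta]` pattern seen in the advisory, that the `Beta` suffix does not affect ordering, and that revisions are matched by prefix; the inventory rows are constructed.

```python
import re

# (model, hardware-revision prefix, last affected, first fixed), from the advisory text.
ADVISORY = [
    ("DIR-822", "C1", "v3.10B06", "v3.11B01Beta"),
    ("DIR-822-US", "C1", "v3.10B06", "v3.11B01Beta"),
    ("DIR-850L", "A", "v1.21B07", "v1.21B08Beta"),
    ("DIR-850L", "B", "v2.22B02Beta", "v2.22B03Beta"),
    ("DIR-880L", "A", "v1.20B01Beta", "v1.20B02Beta"),
]
_VERSION = re.compile(r"^v?(\d+)\.(\d+)B(\d+)(?:Beta)?$", re.IGNORECASE)

def parse_version(text):
    """Return (major, minor, build). Assumption: the Beta suffix does not affect ordering."""
    match = _VERSION.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(group) for group in match.groups())

def classify(model, revision, firmware):
    """Return 'affected', 'fixed', 'unknown' or 'not-listed' for one device."""
    model, revision = model.strip().upper(), revision.strip().upper()
    for adv_model, rev_prefix, last_affected, first_fixed in ADVISORY:
        if model == adv_model and revision.startswith(rev_prefix):
            break
    else:
        return "not-listed"
    try:
        current = parse_version(firmware)
    except ValueError:
        return "unknown"  # unparseable string: check the device by hand
    if current <= parse_version(last_affected):
        return "affected"
    if current >= parse_version(first_fixed):
        return "fixed"
    return "unknown"  # build falls between the two versions the advisory names

# Constructed inventory rows: (model, hardware revision, firmware string).
INVENTORY = [
    ("DIR-822", "C1", "3.10B06"), ("DIR-850L", "A1", "v1.21B08Beta"),
    ("DIR-850L", "B1", "2.22B01"), ("DIR-880L", "A2", "v1.20B02Beta"),
    ("DIR-822-US", "C1", "3.10B09"), ("DIR-860L", "A1", "1.10B04"),
]

def audit(rows=INVENTORY):
    return [(m, r, fw, classify(m, r, fw)) for m, r, fw in rows]

if __name__ == "__main__":
    for row in audit():
        print(*row)
```

A result of `unknown` means the advisory text does not cover that build, so it should be checked against the vendor advisory directly rather than assumed safe.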

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.


References

1
