CVE-2018-5371

Name: CVE-2018-5371
Creator: NVD / NIST
Published: 2018-01-12T09:29:01.853+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 41.99%

Last modified Jun 17, 2026

CVE-2018-5371 is a vulnerability of currently unknown severity. diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 and ME_1.00, and DSL-2540U devices with firmware ME_1.00, allows authenticated remote attackers to execute arbitrary OS commands via shell metacharacters in the ipaddr field of an HTTP GET request.. EPSS estimates a 41.99% chance of exploitation in the next 30 days.

Description

diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 and ME_1.00, and DSL-2540U devices with firmware ME_1.00, allows authenticated remote attackers to execute arbitrary OS commands via shell metacharacters in the ipaddr field of an HTTP GET request.

Metrics

EPSS Probability

41.99%

98.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-78

Affected Software

Vendor	Product	Versions
D-Link	Dsl-2540u Firmware	me_1.00
D-Link	Dsl-2640u Firmware	im_1.00
D-Link	Dsl-2640u Firmware	me_1.00

References

https://www.iplantom.com/2018/01/10/dsl2640U/Exploit, Technical Description, Third Party Advisory, URL Repurposed
https://www.iplantom.com/2018/01/10/dsl2640U/Exploit, Technical Description, Third Party Advisory, URL Repurposed

Timeline

Published: Jan 12, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-5371?

How severe is CVE-2018-5371?

Severity scoring for CVE-2018-5371 is pending analysis. The EPSS model estimates a 41.99% probability of exploitation in the next 30 days.

How do I fix CVE-2018-5371?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-5371?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST