Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2019-16920
HistorySep 27, 2019 - 12:15 p.m.

CVE-2019-16920

2019-09-2712:15:10
CWE-78
mitre
web.nvd.nist.gov
943
In Wild
2
cve-2019-16920
remote code execution
d-link
dir-655c
dir-866l
dir-652
dhp-1565
dir-855l
dap-1533
dir-862l
dir-615
dir-835
dir-825
command injection
system compromise
nvd

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.97

Percentile

99.8%

JSON

Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a β€œPingTest” device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.

Affected configurations

Nvd
Node
dlinkdir-655_firmwareRange≀3.02b05
AND
dlinkdir-655Matchcx
Node
dlinkdir-866l_firmwareRange≀1.03b04
AND
dlinkdir-866lMatchax
Node
dlinkdir-652_firmwareMatch-
AND
dlinkdir-652Matchax
Node
dlinkdhp-1565_firmwareRange≀1.01
AND
dlinkdhp-1565Matchax
Node
dlinkdir-855l_firmwareMatch-
AND
dlinkdir-855lMatch-
Node
dlinkdap-1533_firmwareMatch-
AND
dlinkdap-1533Match-
Node
dlinkdir-862l_firmwareMatch-
AND
dlinkdir-862lMatch-
Node
dlinkdir-615_firmwareMatch-
AND
dlinkdir-615Match-
Node
dlinkdir-835_firmwareMatch-
AND
dlinkdir-835Match-
Node
dlinkdir-825_firmwareMatch-
AND
dlinkdir-825Match-
VendorProductVersionCPE
dlinkdir-655_firmware*cpe:2.3:o:dlink:dir-655_firmware:*:*:*:*:*:*:*:*
dlinkdir-655cxcpe:2.3:h:dlink:dir-655:cx:*:*:*:*:*:*:*
dlinkdir-866l_firmware*cpe:2.3:o:dlink:dir-866l_firmware:*:*:*:*:*:*:*:*
dlinkdir-866laxcpe:2.3:h:dlink:dir-866l:ax:*:*:*:*:*:*:*
dlinkdir-652_firmware-cpe:2.3:o:dlink:dir-652_firmware:-:*:*:*:*:*:*:*
dlinkdir-652axcpe:2.3:h:dlink:dir-652:ax:*:*:*:*:*:*:*
dlinkdhp-1565_firmware*cpe:2.3:o:dlink:dhp-1565_firmware:*:*:*:*:*:*:*:*
dlinkdhp-1565axcpe:2.3:h:dlink:dhp-1565:ax:*:*:*:*:*:*:*
dlinkdir-855l_firmware-cpe:2.3:o:dlink:dir-855l_firmware:-:*:*:*:*:*:*:*
dlinkdir-855l-cpe:2.3:h:dlink:dir-855l:-:*:*:*:*:*:*:*
Rows per page:
1-10 of 201

Social References

More

Related

githubexploit 1
nuclei 1
cvelist 1
cisa 1
attackerkb 1
checkpoint_advisories 1
openvas 3
cert 1
cisa_kev 1
nessus 1
prion 1
nvd 1
symantec 1
threatpost 4
ics 2
githubexploit
githubexploit
Exploit for OS Command Injection in Dlink Dir-655 Firmware
2019-10-15 17:54:03
nuclei
nuclei
D-Link Routers - Remote Code Execution
2020-10-01 08:21:26
cvelist
cvelist
CVE-2019-16920
2019-09-27 11:34:12
cisa
cisa
EOL D-Link Routers Vulnerable to Remote Command Execution
2019-10-24 00:00:00
attackerkb
attackerkb
CVE-2019-16920
2019-09-27 00:00:00
checkpoint_advisories
checkpoint_advisories
D-Link Routers Remote Code Execution (CVE-2019-16920)
2022-04-19 00:00:00
openvas
openvas
D-Link Multiple DIR Devices RCE Vulnerability (Sep 2019)
2023-02-24 00:00:00
D-Link DHP-1565 Devices RCE Vulnerability (Sep 2019)
2023-02-24 00:00:00
D-Link DAP-1533 Devices RCE Vulnerability (Sep 2019)
2023-02-24 00:00:00
cert
cert
Multiple D-Link routers vulnerable to remote command execution
2019-10-23 00:00:00
cisa_kev
cisa_kev
D-Link Multiple Routers Command Injection Vulnerability
2022-03-25 00:00:00
nessus
nessus
D-Link Routers Unauthenticated RCE (CVE-2019-16920)
2022-11-03 00:00:00
prion
prion
Command injection
2019-09-27 12:15:00
nvd
nvd
CVE-2019-16920
2019-09-27 12:15:10
symantec
symantec
Multiple D-Link Products CVE-2019-16920 Remote Command Injection Vulnerability
2019-09-27 00:00:00
threatpost
threatpost
D-Link Adds More Buggy Router Models to β€˜Won’t Fix’ List
2019-11-19 21:52:34
D-Link Home Routers Open to Remote Takeover Will Remain Unpatched
2019-10-07 18:16:31
D-Link, IoT Devices Under Attack By Tor-Based Gafgyt Variant
2021-03-05 15:55:41
ics
ics
People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices
2022-06-10 12:00:00
Potential for China Cyber Response to Heightened U.S.–China Tensions
2020-10-20 12:00:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.97

Percentile

99.8%

JSON
Related for CVE-2019-16920
githubexploit1nuclei1cvelist1cisa1attackerkb1checkpoint_advisories1openvas3cert1cisa_kev1nessus1prion1nvd1symantec1threatpost4ics2