Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.
References
Link | Resource |
---|---|
https://fortiguard.com/zeroday/FG-VD-19-117 | Broken Link Third Party Advisory |
https://medium.com/%4080vul/determine-the-device-model-affected-by-cve-2019-16920-by-zoomeye-bf6fec7f9bb3 | Exploit Third Party Advisory |
https://www.kb.cert.org/vuls/id/766427 | Third Party Advisory US Government Resource |
https://www.seebug.org/vuldb/ssvid-98079 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
History
16 Jul 2024, 17:54
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:dlink:dir-825:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dir-825_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dir-615_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dir-835_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dap-1533:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-615:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-855l:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-862l:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dir-855l_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dap-1533_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dir-862l_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-835:-:*:*:*:*:*:*:* |
|
First Time |
Dlink dir-862l Firmware
Dlink dir-615 Dlink dir-855l Firmware Dlink dir-615 Firmware Dlink dir-825 Firmware Dlink dir-855l Dlink dir-835 Firmware Dlink dir-825 Dlink dap-1533 Dlink dap-1533 Firmware Dlink dir-862l Dlink dir-835 |
|
References | () https://fortiguard.com/zeroday/FG-VD-19-117 - Broken Link, Third Party Advisory | |
References | () https://medium.com/%4080vul/determine-the-device-model-affected-by-cve-2019-16920-by-zoomeye-bf6fec7f9bb3 - Exploit, Third Party Advisory | |
References | () https://www.kb.cert.org/vuls/id/766427 - Third Party Advisory, US Government Resource | |
References | () https://www.seebug.org/vuldb/ssvid-98079 - Exploit, Third Party Advisory |
07 Nov 2023, 03:06
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2019-09-27 12:15
Updated : 2024-07-16 17:54
NVD link : CVE-2019-16920
Mitre link : CVE-2019-16920
CVE.ORG link : CVE-2019-16920
JSON object : View
Products Affected
dlink
- dap-1533_firmware
- dir-866l
- dir-615
- dir-855l_firmware
- dir-655_firmware
- dir-655
- dir-862l
- dir-615_firmware
- dir-825_firmware
- dap-1533
- dhp-1565_firmware
- dir-652
- dhp-1565
- dir-866l_firmware
- dir-855l
- dir-825
- dir-652_firmware
- dir-835_firmware
- dir-862l_firmware
- dir-835
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')