CVE-2019-16920

Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dlink:dir-655_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-655:cx:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:dlink:dir-866l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-866l:ax:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:dlink:dir-652_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-652:ax:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:dlink:dhp-1565_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dhp-1565:ax:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:dlink:dir-855l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-855l:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:dlink:dap-1533_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dap-1533:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:dlink:dir-862l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-862l:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:dlink:dir-615_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-615:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:dlink:dir-835_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-835:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:dlink:dir-825_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-825:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:31

Type Values Removed Values Added
References () https://fortiguard.com/zeroday/FG-VD-19-117 - Broken Link, Third Party Advisory () https://fortiguard.com/zeroday/FG-VD-19-117 - Broken Link, Third Party Advisory
References () https://medium.com/%4080vul/determine-the-device-model-affected-by-cve-2019-16920-by-zoomeye-bf6fec7f9bb3 - Exploit, Third Party Advisory () https://medium.com/%4080vul/determine-the-device-model-affected-by-cve-2019-16920-by-zoomeye-bf6fec7f9bb3 - Exploit, Third Party Advisory
References () https://www.kb.cert.org/vuls/id/766427 - Third Party Advisory, US Government Resource () https://www.kb.cert.org/vuls/id/766427 - Third Party Advisory, US Government Resource
References () https://www.seebug.org/vuldb/ssvid-98079 - Exploit, Third Party Advisory () https://www.seebug.org/vuldb/ssvid-98079 - Exploit, Third Party Advisory

16 Jul 2024, 17:54

Type Values Removed Values Added
First Time Dlink dir-862l Firmware
Dlink dir-615
Dlink dir-855l Firmware
Dlink dir-615 Firmware
Dlink dir-825 Firmware
Dlink dir-855l
Dlink dir-835 Firmware
Dlink dir-825
Dlink dap-1533
Dlink dap-1533 Firmware
Dlink dir-862l
Dlink dir-835
CPE cpe:2.3:h:dlink:dir-825:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-825_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-615_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-835_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dap-1533:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-615:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-855l:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-862l:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-855l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dap-1533_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-862l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-835:-:*:*:*:*:*:*:*
References () https://fortiguard.com/zeroday/FG-VD-19-117 - Third Party Advisory () https://fortiguard.com/zeroday/FG-VD-19-117 - Broken Link, Third Party Advisory
References () https://medium.com/%4080vul/determine-the-device-model-affected-by-cve-2019-16920-by-zoomeye-bf6fec7f9bb3 - () https://medium.com/%4080vul/determine-the-device-model-affected-by-cve-2019-16920-by-zoomeye-bf6fec7f9bb3 - Exploit, Third Party Advisory
References () https://www.kb.cert.org/vuls/id/766427 - () https://www.kb.cert.org/vuls/id/766427 - Third Party Advisory, US Government Resource
References () https://www.seebug.org/vuldb/ssvid-98079 - () https://www.seebug.org/vuldb/ssvid-98079 - Exploit, Third Party Advisory

07 Nov 2023, 03:06

Type Values Removed Values Added
References
  • {'url': 'https://medium.com/@80vul/determine-the-device-model-affected-by-cve-2019-16920-by-zoomeye-bf6fec7f9bb3', 'name': 'https://medium.com/@80vul/determine-the-device-model-affected-by-cve-2019-16920-by-zoomeye-bf6fec7f9bb3', 'tags': [], 'refsource': 'MISC'}
  • () https://medium.com/%4080vul/determine-the-device-model-affected-by-cve-2019-16920-by-zoomeye-bf6fec7f9bb3 -

Information

Published : 2019-09-27 12:15

Updated : 2024-11-21 04:31


NVD link : CVE-2019-16920

Mitre link : CVE-2019-16920

CVE.ORG link : CVE-2019-16920


JSON object : View

Products Affected

dlink

  • dir-615
  • dir-652_firmware
  • dir-862l
  • dir-835
  • dir-825_firmware
  • dir-862l_firmware
  • dir-866l_firmware
  • dir-615_firmware
  • dir-652
  • dap-1533
  • dir-655_firmware
  • dhp-1565_firmware
  • dir-855l
  • dhp-1565
  • dir-866l
  • dir-855l_firmware
  • dap-1533_firmware
  • dir-835_firmware
  • dir-655
  • dir-825
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')