Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.
References
Link | Resource |
---|---|
https://fortiguard.com/zeroday/FG-VD-19-117 | Broken Link Third Party Advisory |
https://medium.com/%4080vul/determine-the-device-model-affected-by-cve-2019-16920-by-zoomeye-bf6fec7f9bb3 | Exploit Third Party Advisory |
https://www.kb.cert.org/vuls/id/766427 | Third Party Advisory US Government Resource |
https://www.seebug.org/vuldb/ssvid-98079 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
History
16 Jul 2024, 17:54
Type | Values Removed | Values Added |
---|---|---|
References | () https://fortiguard.com/zeroday/FG-VD-19-117 - Broken Link, Third Party Advisory | |
References | () https://medium.com/%4080vul/determine-the-device-model-affected-by-cve-2019-16920-by-zoomeye-bf6fec7f9bb3 - Exploit, Third Party Advisory | |
References | () https://www.kb.cert.org/vuls/id/766427 - Third Party Advisory, US Government Resource | |
References | () https://www.seebug.org/vuldb/ssvid-98079 - Exploit, Third Party Advisory | |
CPE | cpe:2.3:h:dlink:dir-615:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-825:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dir-862l_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dap-1533_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-862l:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dir-615_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dir-835_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-835:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dir-855l_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-855l:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dir-825_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dap-1533:-:*:*:*:*:*:*:* |
|
First Time |
Dlink dir-615
Dlink dir-835 Dlink dir-862l Firmware Dlink dap-1533 Firmware Dlink dir-825 Dlink dir-862l Dlink dir-615 Firmware Dlink dir-825 Firmware Dlink dap-1533 Dlink dir-855l Dlink dir-835 Firmware Dlink dir-855l Firmware |
Information
Published : 2019-09-27 12:15
Updated : 2024-07-16 17:54
NVD link : CVE-2019-16920
Mitre link : CVE-2019-16920
CVE.ORG link : CVE-2019-16920
JSON object : View
Products Affected
dlink
- dir-835_firmware
- dap-1533
- dhp-1565_firmware
- dir-862l
- dir-615
- dir-655
- dap-1533_firmware
- dir-615_firmware
- dir-825_firmware
- dhp-1565
- dir-855l_firmware
- dir-862l_firmware
- dir-835
- dir-652_firmware
- dir-825
- dir-855l
- dir-652
- dir-655_firmware
- dir-866l
- dir-866l_firmware
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')