Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
894
VMScore

CVE-2019-16920

Published: 27/09/2019 Updated: 07/11/2023
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 894
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Dir-655 Firmware

Vulnerability Summary

Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

dlink dir-655_firmware

dlink dir-866l_firmware

dlink dir-652_firmware -

dlink dhp-1565_firmware

References

CWE-78https://fortiguard.com/zeroday/FG-VD-19-117https://www.seebug.org/vuldb/ssvid-98079https://www.kb.cert.org/vuls/id/766427https://medium.com/%4080vul/determine-the-device-model-affected-by-cve-2019-16920-by-zoomeye-bf6fec7f9bb3https://nvd.nist.govhttps://www.kb.cert.org/vuls/id/766427
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook