vulnerability

D-Link DIR (CVE-2019-16920): D-Link Multiple Routers Command Injection Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	09/27/2019	07/01/2024	07/03/2024

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

09/27/2019

Added

07/01/2024

Modified

07/03/2024

Description

Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.

Solution

dlink-retire-device

References

CVE-2019-16920
https://attackerkb.com/topics/CVE-2019-16920

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today