The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection.
Published 2019-09-16 12:15:11
Updated 2019-09-16 19:58:29
Source MITRE
View at NVD,   CVE.org

Products affected by CVE-2019-16057

CVE-2019-16057 is in the CISA Known Exploited Vulnerabilities Catalog

This issue is known to have been leveraged as part of a ransomware campaign.
CISA vulnerability name:
D-Link DNS-320 Remote Code Execution Vulnerability
CISA required action:
The impacted product is end-of-life and should be disconnected if still in use.
CISA description:
The login_mgr.cgi script in D-Link DNS-320 is vulnerable to remote code execution.
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2019-16057
Added on 2022-04-15 Action due date 2022-05-06

Exploit prediction scoring system (EPSS) score for CVE-2019-16057

97.56%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-16057

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
10.0
HIGH AV:N/AC:L/Au:N/C:C/I:C/A:C
10.0
10.0
NIST
9.8
CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.9
5.9
NIST

CWE ids for CVE-2019-16057

References for CVE-2019-16057

Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!