Vulnerability Details : CVE-2019-16920
Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.
Vulnerability category: Execute code
Products affected by CVE-2019-16920
- cpe:2.3:o:dlink:dir-615_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dir-655_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dir-866l_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dir-652_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dhp-1565_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dir-825_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dir-855l_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dap-1533_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dir-862l_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dir-835_firmware:-:*:*:*:*:*:*:*
CVE-2019-16920 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
D-Link Multiple Routers Command Injection Vulnerability
CISA required action:
The impacted product is end-of-life and should be disconnected if still in use.
CISA description:
Multiple D-Link routers contain a command injection vulnerability which can allow attackers to achieve full system compromise.
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2019-16920
Added on
2022-03-25
Action due date
2022-04-15
Exploit prediction scoring system (EPSS) score for CVE-2019-16920
96.97%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-16920
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2019-16920
-
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-16920
-
https://www.kb.cert.org/vuls/id/766427
VU#766427 - Multiple D-Link routers vulnerable to remote command executionThird Party Advisory;US Government Resource
-
https://medium.com/@80vul/determine-the-device-model-affected-by-cve-2019-16920-by-zoomeye-bf6fec7f9bb3
Determine the device model affected by CVE-2019–16920 by ZoomEye
-
https://www.seebug.org/vuldb/ssvid-98079
Exploit;Third Party Advisory
-
https://fortiguard.com/zeroday/FG-VD-19-117
Fortinet Discovers D-Link DIR-866L Unauthenticated RCE Vulnerability | FortiGuardBroken Link;Third Party Advisory
-
https://medium.com/%4080vul/determine-the-device-model-affected-by-cve-2019-16920-by-zoomeye-bf6fec7f9bb3
Determine the device model affected by CVE-2019–16920 by ZoomEye | by heige | MediumExploit;Third Party Advisory
Jump to