Vulnerability Monitor

CVE-2019-16920


Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to command injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that the following products are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.


Published

2019-09-27T12:15:10.017

Last Modified

2025-04-03T19:51:22.680

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-78
  • Type: Secondary
    CWE-78

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | dlink | dir-655_firmware | ≤ 3.02b05 | Yes |
| Hardware | dlink | dir-655 | cx | No |
| Operating System | dlink | dir-866l_firmware | ≤ 1.03b04 | Yes |
| Hardware | dlink | dir-866l | ax | No |
| Operating System | dlink | dir-652_firmware | - | Yes |
| Hardware | dlink | dir-652 | ax | No |
| Operating System | dlink | dhp-1565_firmware | ≤ 1.01 | Yes |
| Hardware | dlink | dhp-1565 | ax | No |
| Operating System | dlink | dir-855l_firmware | - | Yes |
| Hardware | dlink | dir-855l | - | No |
| Operating System | dlink | dap-1533_firmware | - | Yes |
| Hardware | dlink | dap-1533 | - | No |
| Operating System | dlink | dir-862l_firmware | - | Yes |
| Hardware | dlink | dir-862l | - | No |
| Operating System | dlink | dir-615_firmware | - | Yes |
| Hardware | dlink | dir-615 | - | No |
| Operating System | dlink | dir-835_firmware | - | Yes |
| Hardware | dlink | dir-835 | - | No |
| Operating System | dlink | dir-825_firmware | - | Yes |
| Hardware | dlink | dir-825 | - | No |

References