← Voltar para CVEs
CVE-2019-16920
CRITICALCISA KEV9.8
Descricao
Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado9/27/2019
Ultima modificacao11/7/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorD-Link
ProdutoMultiple Routers
Nome da vulnerabilidadeD-Link Multiple Routers Command Injection Vulnerability
Data inclusao KEV2022-03-25
Prazo de remediacao2022-04-15
Uso em ransomwareUnknown
Produtos afetados
dlink:dap-1533dlink:dap-1533_firmwaredlink:dhp-1565dlink:dhp-1565_firmwaredlink:dir-615dlink:dir-615_firmwaredlink:dir-652dlink:dir-652_firmwaredlink:dir-655dlink:dir-655_firmwaredlink:dir-825dlink:dir-825_firmwaredlink:dir-835dlink:dir-835_firmwaredlink:dir-855ldlink:dir-855l_firmwaredlink:dir-862ldlink:dir-862l_firmwaredlink:dir-866ldlink:dir-866l_firmware
Fraquezas (CWE)
CWE-78CWE-78
Referencias
https://fortiguard.com/zeroday/FG-VD-19-117(cve@mitre.org)
https://medium.com/%4080vul/determine-the-device-model-affected-by-cve-2019-16920-by-zoomeye-bf6fec7f9bb3(cve@mitre.org)
https://www.kb.cert.org/vuls/id/766427(cve@mitre.org)
https://www.seebug.org/vuldb/ssvid-98079(cve@mitre.org)
https://fortiguard.com/zeroday/FG-VD-19-117(af854a3a-2127-422b-91ae-364da2661108)
https://medium.com/%4080vul/determine-the-device-model-affected-by-cve-2019-16920-by-zoomeye-bf6fec7f9bb3(af854a3a-2127-422b-91ae-364da2661108)
https://www.kb.cert.org/vuls/id/766427(af854a3a-2127-422b-91ae-364da2661108)
https://www.seebug.org/vuldb/ssvid-98079(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-16920(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.