CVE-2019-16920
CVE
Critical · KEV · Confirmed · Exploit available

CVSS: 9.8 (Critical)
EPSS: 1.00 (p99)
Published: 2019-01-01
Updated: 2022-03-25
Description

Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to command injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.

Tags · CWE
KEV
Pre-auth
CWE-78
CAPEC-6
CAPEC-15
CAPEC-43
CAPEC-88
CAPEC-108
Affected products
Dap-1533_firmware
Dhp-1565_firmware
Dir-615_firmware
Dir-652_firmware
Dir-655_firmware
Dir-825_firmware
Dir-835_firmware
Dir-855l_firmware
Dir-862l_firmware
Dir-866l_firmware
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Timeline
2019-01-01: Published
2022-03-25: Added to KEV
2022-03-25: Updated
CVSS 3.1 breakdown
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality Impact (C): High (H)
Integrity Impact (I): High (H)
Availability Impact (A): High (H)
Exploit indicators
EPSS: 1.000 · p99
Known exploited (KEV): Yes
Known exploits — Сканер-ВС
CVE-2019-16920
cisa · https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Enterprise
Affected products
Product              Vendor   Status
dap-1533_firmware    *        Exploited
dhp-1565_firmware    *        Exploited
dir-615_firmware     *        Exploited
dir-652_firmware     *        Exploited
dir-655_firmware     *        Exploited
dir-825_firmware     *        Exploited
dir-835_firmware     *        Exploited
dir-855l_firmware    *        Exploited
dir-862l_firmware    *        Exploited
dir-866l_firmware    *        Exploited
Source databases
CVE