First published: Fri Sep 27 2019(Updated: )
Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
D-Link Multiple Routers | ||
Dlink Dir-655 Firmware | <=3.02b05 | |
Dlink Dir-655 | =cx | |
Dlink Dir-866l Firmware | <=1.03b04 | |
Dlink Dir-866l | =ax | |
Dlink Dir-652 Firmware | ||
Dlink Dir-652 | =ax | |
Dlink Dhp-1565 Firmware | <=1.01 | |
Dlink Dhp-1565 | =ax | |
All of | ||
Dlink Dir-655 Firmware | <=3.02b05 | |
Dlink Dir-655 | =cx | |
All of | ||
Dlink Dir-866l Firmware | <=1.03b04 | |
Dlink Dir-866l | =ax | |
All of | ||
Dlink Dir-652 Firmware | ||
Dlink Dir-652 | =ax | |
All of | ||
Dlink Dhp-1565 Firmware | <=1.01 | |
Dlink Dhp-1565 | =ax | |
All of | ||
Dlink Dir-855l Firmware | ||
Dlink Dir-855l | ||
All of | ||
Dlink Dap-1533 Firmware | ||
Dlink Dap-1533 | ||
All of | ||
Dlink Dir-862l Firmware | ||
Dlink Dir-862l | ||
All of | ||
Dlink Dir-615 Firmware | ||
Dlink Dir-615 | ||
All of | ||
Dlink Dir-835 Firmware | ||
Dlink Dir-835 | ||
All of | ||
Dlink Dir-825 Firmware | ||
Dlink Dir-825 |
The impacted product is end-of-life and should be disconnected if still in use.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-16920 is a command injection vulnerability that allows for unauthenticated remote code execution in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565.
CVE-2019-16920 has a severity rating of 9.8 out of 10, making it a critical vulnerability.
D-Link routers like DIR-655C, DIR-866L, DIR-652, and DHP-1565 are affected by CVE-2019-16920.
An attacker can exploit CVE-2019-16920 by sending an arbitrary input to the 'PingTest' device common gateway interface, leading to command injection and potential remote code execution.
At the moment, there are no known fixes or patches available for CVE-2019-16920. It is recommended to update to the latest firmware or contact the vendor for further assistance.