CVE-2019-16920 - OpenCVE

Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dlink	Dap-1533 Dap-1533 Firmware Dhp-1565 Dhp-1565 Firmware Dir-615 Dir-615 Firmware Dir-652 Dir-652 Firmware Dir-655 Dir-655 Firmware Dir-825 Dir-825 Firmware Dir-835 Dir-835 Firmware Dir-855l Dir-855l Firmware Dir-862l Dir-862l Firmware Dir-866l Dir-866l Firmware

Configuration 1 [-]

AND

cpe:2.3:o:dlink:dir-655_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-655:cx:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:dlink:dir-866l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-866l:ax:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:dlink:dir-652_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-652:ax:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:dlink:dhp-1565_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dhp-1565:ax:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:dlink:dir-855l_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-855l:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:dlink:dap-1533_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dap-1533:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:dlink:dir-862l_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-862l:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:dlink:dir-615_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-615:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:dlink:dir-835_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-835:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:dlink:dir-825_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-825:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://fortiguard.com/zeroday/FG-VD-19-117
https://medium.com/%4080vul/determine-the-device-model-affected-by-cve-2019-16920-by-zoomeye-bf6fec7f9bb3
https://www.kb.cert.org/vuls/id/766427
https://www.seebug.org/vuldb/ssvid-98079

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-09-27T11:34:12

Updated: 2024-08-05T01:24:48.593Z

Reserved: 2019-09-27T00:00:00

Link: CVE-2019-16920

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-09-27T12:15:10.017

Modified: 2024-07-16T17:54:26.153

Link: CVE-2019-16920

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object