CVE-2019-16920
critical-risk
Published 2019-09-27
Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends arbitrary input to the "PingTest" device common gateway interface (CGI), which could lead to command injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.
Do I need to act?
EPSS: 94.3% chance of exploitation in next 30 days (higher than 6% of all CVEs)
CISA KEV: actively exploited in the wild. On the Known Exploited Vulnerabilities catalog; federal agencies must patch.
Patch status unknown. Check vendor advisories for fix availability and mitigation guidance.
CVSS 9.8/10 (Critical); attack vector: NETWORK; attack complexity: LOW
Affected Products (10)
Affected Vendors
References (9)
Broken Link
https://fortiguard.com/zeroday/FG-VD-19-117
Third Party Advisory
https://www.kb.cert.org/vuls/id/766427
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-...
Risk score: 75/100 (critical-risk)
Severity: 32/34 · Critical
Exploitability: 27/34 · High
Exposure: 16/34 · Moderate