CVE-2019-16920

CRITICAL KEV RANSOMWARE NUCLEI

Dlink Dir-655 Firmware < 3.02b05 - OS Command Injection

Title source: rule

Description

Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.

Exploits (2)

nomisec WORKING POC 1 stars
by eniac888 · remote
https://github.com/eniac888/CVE-2019-16920-MassPwn3r

Nuclei Templates (1)

D-Link Routers - Remote Code Execution
CRITICALby dwisiswant0

References (5)

Scores

CVSS v3 9.8
EPSS 0.9434
EPSS Percentile 100.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-03-25
VulnCheck KEV 2020-09-16
InTheWild.io 2019-05-07
ENISA EUVD EUVD-2019-7414
Ransomware Use Confirmed
CWE
CWE-78
Status published
Products (10)
dlink/dap-1533_firmware
dlink/dhp-1565_firmware < 1.01
dlink/dir-615_firmware
dlink/dir-652_firmware
dlink/dir-655_firmware < 3.02b05
dlink/dir-825_firmware
dlink/dir-835_firmware
dlink/dir-855l_firmware
dlink/dir-862l_firmware
dlink/dir-866l_firmware < 1.03b04
Published Sep 27, 2019
KEV Added Mar 25, 2022
Tracked Since Feb 18, 2026