CVE-2020-15893

CRITICAL EXPLOITED

D-Link DIR-816L Firmware 2.x - OS Command Injection via UPnP SSDP M-SEARCH ST Field

Title source: llm

Exploitation Summary

CVE-2020-15893 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit, including a Metasploit module exploits/linux/upnp/dlink_upnp_msearch_exec.

AI-analyzed exploit summary This Metasploit module exploits a command injection vulnerability in multiple D-Link routers via a crafted UPnP M-SEARCH packet. It allows unauthenticated remote code execution with root privileges by injecting payloads into the ST field of the SSDP packet.

Description

An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet.

Exploits (1)

metasploit WORKING POC EXCELLENT

rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/upnp/dlink_upnp_msearch_exec.rb

View Code ZIP pw:eip

This Metasploit module exploits a command injection vulnerability in multiple D-Link routers via a crafted UPnP M-SEARCH packet. It allows unauthenticated remote code execution with root privileges by injecting payloads into the ST field of the SSDP packet.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: D-Link Router models (various, including DIR-300, DIR-600, DIR-815, etc.) with vulnerable firmware versions

No auth needed

Prerequisites: Network access to the target device's UPnP service (port 1900/UDP) · UPnP enabled on the target device

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Patch, Vendor Advisory x_refsource_misc

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169

Exploit, Third Party Advisory x_refsource_misc

https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/

Scores

CVSS v3 9.8

EPSS 0.2086

EPSS Percentile 97.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2020-11-06

CWE

CWE-78

Status published

Products (2)

dlink/dir-816l_firmware 2.06

dlink/dir-816l_firmware 2.06.b09 beta

Published Jul 22, 2020

Tracked Since Feb 18, 2026