CVE-2019-16920
CVE-2019-16920
In short
D-Link routers have a critical flaw where attackers can send specially crafted commands to a network diagnostic tool without needing a password, allowing them to take complete control of the device.
Technical detail
Unauthenticated command injection vulnerability in the PingTest CGI endpoint allows remote attackers to execute arbitrary OS commands via malicious input, leading to full system compromise. The vulnerability requires network access to the affected device but no authentication credentials. Exploitation results in complete device takeover with root privileges.
Summary generated and translated by AI from the official description.
Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 1
githubgithub.com/eniac888/CVE-2019-16920-MassPwn3r★ 1⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://fortiguard.com/zeroday/FG-VD-19-117https://medium.com/%4080vul/determine-the-device-model-affected-by-cve-2019-16920-by-zoomeye-bf6fec7f9bb3https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-16920https://www.kb.cert.org/vuls/id/766427https://www.seebug.org/vuldb/ssvid-98079