CVE-2019-16920
Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
Vulnerability Description
Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.
Affected Platforms (CPE)
💻
Dlink
Dir 655 Firmware
<= 3.02b05💻
Dlink
Dir 866l Firmware
<= 1.03b04💻
Dlink
Dir 652 Firmware
All versions💻
Dlink
Dhp 1565 Firmware
<= 1.01💻
Dlink
Dir 855l Firmware
All versions💻
Dlink
Dap 1533 Firmware
All versions💻
Dlink
Dir 862l Firmware
All versions💻
Dlink
Dir 615 Firmware
All versions💻
Dlink
Dir 835 Firmware
All versions💻
Dlink