CVE-2019-16920

Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.

CVSS v3.0 9.8 CRITICAL
CVSS v2.0 10.0 HIGH

9.8^/10

CVSS v3.0 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://fortiguard.com/zeroday/FG-VD-19-117	Third Party Advisory
https://www.seebug.org/vuldb/ssvid-98079
https://medium.com/@80vul/determine-the-device-model-affected-by-cve-2019-16920-by-zoomeye-bf6fec7f9bb3
https://www.kb.cert.org/vuls/id/766427

Advertisement

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dlink:dir-655_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-655:cx:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:dlink:dir-866l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-866l:ax:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:dlink:dir-652_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-652:ax:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:dlink:dhp-1565_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dhp-1565:ax:*:*:*:*:*:*:*

Information

Published : 2019-09-27 05:15

Updated : 2019-10-10 14:15

NVD link : CVE-2019-16920

Mitre link : CVE-2019-16920

JSON object : View

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Advertisement

Products Affected

dlink

dhp-1565
dir-655
dir-652_firmware
dir-652
dhp-1565_firmware
dir-655_firmware
dir-866l_firmware
dir-866l

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://fortiguard.com/zeroday/FG-VD-19-117", "name": "https://fortiguard.com/zeroday/FG-VD-19-117", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "https://www.seebug.org/vuldb/ssvid-98079", "name": "https://www.seebug.org/vuldb/ssvid-98079", "tags": [], "refsource": "MISC"}, {"url": "https://medium.com/@80vul/determine-the-device-model-affected-by-cve-2019-16920-by-zoomeye-bf6fec7f9bb3", "name": "https://medium.com/@80vul/determine-the-device-model-affected-by-cve-2019-16920-by-zoomeye-bf6fec7f9bb3", "tags": [], "refsource": "MISC"}, {"url": "https://www.kb.cert.org/vuls/id/766427", "name": "VU#766427", "tags": [], "refsource": "CERT-VN"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a \"PingTest\" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-78"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2019-16920", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "acInsufInfo": false, "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}}, "publishedDate": "2019-09-27T12:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dlink:dir-655_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "3.02b05"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dlink:dir-655:cx:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dlink:dir-866l_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.03b04"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dlink:dir-866l:ax:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dlink:dir-652_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dlink:dir-652:ax:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dlink:dhp-1565_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.01"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dlink:dhp-1565:ax:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2019-10-10T21:15Z"}