2 results (0.018 seconds)

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

D-Link DIR-866L 1.03B04 devices allow XSS via HtmlResponseMessage in the device common gateway interface, leading to common injection. Los dispositivos D-Link DIR-866L versión 1.03B04, permiten un ataque de tipo XSS por medio de la función HtmlResponseMessage en la interfaz gateway común del dispositivo, conllevando a una inyección común. • https://fortiguard.com/zeroday/FG-VD-19-116 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 97%CPEs: 8EXPL: 1

Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825. La ejecución de código remota no autenticada se presenta en productos D-Link tales como DIR-655C, DIR-866L, DIR-652, y DHP-1565. • https://github.com/eniac888/CVE-2019-16920-MassPwn3r https://fortiguard.com/zeroday/FG-VD-19-117 https://medium.com/%4080vul/determine-the-device-model-affected-by-cve-2019-16920-by-zoomeye-bf6fec7f9bb3 https://www.kb.cert.org/vuls/id/766427 https://www.seebug.org/vuldb/ssvid-98079 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •