CVE-2019-16920 – D-Link Multiple Routers Command Injection Vulnerability

https://notcve.org/view.php?id=CVE-2019-16920

Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825. La ejecución de código remota no autenticada se presenta en productos D-Link tales como DIR-655C, DIR-866L, DIR-652, y DHP-1565. • https://github.com/eniac888/CVE-2019-16920-MassPwn3r https://fortiguard.com/zeroday/FG-VD-19-117 https://medium.com/%4080vul/determine-the-device-model-affected-by-cve-2019-16920-by-zoomeye-bf6fec7f9bb3 https://www.kb.cert.org/vuls/id/766427 https://www.seebug.org/vuldb/ssvid-98079 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •