
CVSS: 10.0 | EPSS: 97% | CPEs: 8 | EXPL: 1

Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when an attacker sends arbitrary input to the "PingTest" device common gateway interface, which can lead to command injection. An attacker who successfully triggers the command injection could achieve full system compromise. It was later independently found that the following models are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.

• https://github.com/eniac888/CVE-2019-16920-MassPwn3r
• https://fortiguard.com/zeroday/FG-VD-19-117
• https://medium.com/%4080vul/determine-the-device-model-affected-by-cve-2019-16920-by-zoomeye-bf6fec7f9bb3
• https://www.kb.cert.org/vuls/id/766427
• https://www.seebug.org/vuldb/ssvid-98079

• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 4.3 | EPSS: 0% | CPEs: 2 | EXPL: 1

Cross-site scripting (XSS) vulnerability in login.cgi in D-Link router DIR-655 (rev Bx) with firmware before 2.12b01 allows remote attackers to inject arbitrary web script or HTML via the html_response_page parameter.

• http://secunia.com/advisories/61831
• http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10048
• http://www.securityfocus.com/bid/71772

• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')