Search criteria
1 vulnerability found for dir-652 by dlink
VAR-201909-0903
Vulnerability from variot - Updated: 2024-04-19 22:50Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825. plural D-Link The product includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-Link DIR-655C, etc. are all wireless routers from Taiwan D-Link. Attackers can use this vulnerability to inject commands to invade the system. The following products and versions are affected: D-Link DIR-655C; DIR-866L; DIR-652; DHP-1565, etc.
Exploiting this issue could allow an malicious user to execute arbitrary commands in the context of the affected device. Failed exploit attempts will likely result in denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201909-0903",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-652",
"scope": "eq",
"trust": 1.6,
"vendor": "dlink",
"version": null
},
{
"model": "dhp-1565",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "dir-652",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "dir-866l",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "dir-866l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.03b04"
},
{
"model": "dhp-1565",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.01"
},
{
"model": "dir-655",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "3.02b05"
},
{
"model": "dir-655",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-655c",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "dir-652",
"scope": "eq",
"trust": 0.6,
"vendor": "dlink",
"version": "ax"
},
{
"model": "dir-655",
"scope": "eq",
"trust": 0.6,
"vendor": "dlink",
"version": "cx"
},
{
"model": "dir-866l",
"scope": "eq",
"trust": 0.6,
"vendor": "dlink",
"version": "ax"
},
{
"model": "dhp-1565",
"scope": "eq",
"trust": 0.6,
"vendor": "dlink",
"version": "ax"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-33820"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009977"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1326"
},
{
"db": "NVD",
"id": "CVE-2019-16920"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dir-655_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.02b05",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dir-655:cx:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dir-866l_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.03b04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dir-866l:ax:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dir-652_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dir-652:ax:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dhp-1565_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.01",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dhp-1565:ax:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-16920"
}
]
},
"cve": "CVE-2019-16920",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-16920",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-33820",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-149115",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-16920",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-16920",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2019-33820",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201909-1326",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-149115",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-16920",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-33820"
},
{
"db": "VULHUB",
"id": "VHN-149115"
},
{
"db": "VULMON",
"id": "CVE-2019-16920"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009977"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1326"
},
{
"db": "NVD",
"id": "CVE-2019-16920"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a \"PingTest\" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825. plural D-Link The product includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-Link DIR-655C, etc. are all wireless routers from Taiwan D-Link. Attackers can use this vulnerability to inject commands to invade the system. The following products and versions are affected: D-Link DIR-655C; DIR-866L; DIR-652; DHP-1565, etc. \n \nExploiting this issue could allow an malicious user to execute arbitrary commands in the context of the affected device. Failed exploit attempts will likely result in denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-16920"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009977"
},
{
"db": "CNVD",
"id": "CNVD-2019-33820"
},
{
"db": "VULHUB",
"id": "VHN-149115"
},
{
"db": "VULMON",
"id": "CVE-2019-16920"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-16920",
"trust": 3.2
},
{
"db": "SEEBUG",
"id": "SSVID-98079",
"trust": 1.7
},
{
"db": "CERT/CC",
"id": "VU#766427",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU95198984",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009977",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1326",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-33820",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-149115",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-16920",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-33820"
},
{
"db": "VULHUB",
"id": "VHN-149115"
},
{
"db": "VULMON",
"id": "CVE-2019-16920"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009977"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1326"
},
{
"db": "NVD",
"id": "CVE-2019-16920"
}
]
},
"id": "VAR-201909-0903",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-33820"
},
{
"db": "VULHUB",
"id": "VHN-149115"
}
],
"trust": 1.316031752
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-33820"
}
]
},
"last_update_date": "2024-04-19T22:50:22.818000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.dlink.com/en/consumer"
},
{
"title": "myscan",
"trust": 0.1,
"url": "https://github.com/amcai/myscan "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-16920"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009977"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-149115"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009977"
},
{
"db": "NVD",
"id": "CVE-2019-16920"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://fortiguard.com/zeroday/fg-vd-19-117"
},
{
"trust": 1.7,
"url": "https://www.seebug.org/vuldb/ssvid-98079"
},
{
"trust": 1.1,
"url": "https://www.kb.cert.org/vuls/id/766427"
},
{
"trust": 1.0,
"url": "https://medium.com/%4080vul/determine-the-device-model-affected-by-cve-2019-16920-by-zoomeye-bf6fec7f9bb3"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-16920"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95198984/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16920"
},
{
"trust": 0.7,
"url": "https://medium.com/@80vul/determine-the-device-model-affected-by-cve-2019-16920-by-zoomeye-bf6fec7f9bb3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-33820"
},
{
"db": "VULHUB",
"id": "VHN-149115"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009977"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1326"
},
{
"db": "NVD",
"id": "CVE-2019-16920"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-33820"
},
{
"db": "VULHUB",
"id": "VHN-149115"
},
{
"db": "VULMON",
"id": "CVE-2019-16920"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009977"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1326"
},
{
"db": "NVD",
"id": "CVE-2019-16920"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-33820"
},
{
"date": "2019-09-27T00:00:00",
"db": "VULHUB",
"id": "VHN-149115"
},
{
"date": "2019-09-27T00:00:00",
"db": "VULMON",
"id": "CVE-2019-16920"
},
{
"date": "2019-10-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009977"
},
{
"date": "2019-09-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-1326"
},
{
"date": "2019-09-27T12:15:10.017000",
"db": "NVD",
"id": "CVE-2019-16920"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-33820"
},
{
"date": "2019-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-149115"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2019-16920"
},
{
"date": "2019-11-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009977"
},
{
"date": "2019-10-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-1326"
},
{
"date": "2023-11-07T03:06:03.387000",
"db": "NVD",
"id": "CVE-2019-16920"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-1326"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural D-Link In product OS Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009977"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-1326"
}
],
"trust": 0.6
}
}