Enhancement: cves/2019/CVE-2019-16920.yaml by mp

patch-1
MostInterestingBotInTheWorld 2022-05-16 09:36:42 -04:00
parent 8ec39595b4
commit ccd2202cd9
1 changed files with 6 additions and 5 deletions

View File

@ -1,14 +1,13 @@
id: CVE-2019-16920
info:
name: Unauthenticated Multiple D-Link Routers RCE
name: D-Link Routers - Remote Code Execution
author: dwisiswant0
severity: critical
description: Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device
common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are
also affected; DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.
description: D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565 contain an unauthenticated remote code execution vulnerability. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these issues also affected; DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.
reference:
- https://github.com/pwnhacker0x18/CVE-2019-16920-MassPwn3r
- https://nvd.nist.gov/vuln/detail/CVE-2019-16920
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
@ -54,3 +53,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/05/16