PT-2019-4006 · D Link · Dir-835+9

Published: 2019-09-20 · Updated: 2025-04-03 · CVE-2019-16920

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

D-Link DIR-655C versions
D-Link DIR-866L versions
D-Link DIR-652 versions
D-Link DHP-1565 versions
D-Link DIR-855L versions
D-Link DAP-1533 versions
D-Link DIR-862L versions
D-Link DIR-615 versions
D-Link DIR-835 versions
D-Link DIR-825 versions

Description

Unauthenticated remote code execution occurs in D-Link products. The issue occurs when an attacker sends arbitrary input to the device's "PingTest" common gateway interface (CGI), which could lead to command injection. The injection is triggered by sending a specially crafted HTTP POST request through PingTest. An attacker who successfully triggers the command injection could achieve full system compromise.

Recommendations

For D-Link DIR-655C, consider disabling the PingTest interface until a patch is available.
For D-Link DIR-866L, restrict access to the PingTest handler to minimize the risk of exploitation.
For D-Link DIR-652, avoid using the PingTest command until the issue is resolved.
For D-Link DHP-1565, consider disabling the PingTest function until a patch is available.
For D-Link DIR-855L, restrict access to the PingTest interface to minimize the risk of exploitation.
For D-Link DAP-1533, avoid using the PingTest command until the issue is resolved.
For D-Link DIR-862L, consider disabling the PingTest handler until a patch is available.
For D-Link DIR-615, restrict access to the PingTest interface to minimize the risk of exploitation.
For D-Link DIR-835, avoid using the PingTest command until the issue is resolved.
For D-Link DIR-825, consider disabling the PingTest function until a patch is available.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2019-04537
CVE-2019-16920

Affected Products

Dap-1533
Dhp-1565
Dir-615
Dir-652
Dir-655
Dir-825
Dir-835
Dir-855L
Dir-862L
Dir-866L