CVE-2019-20499

Name of the Vulnerable Software and Affected Versions D-Link DWL-2600AP version 4.2.0.15 Rev A

Description The issue is an authenticated OS command injection vulnerability via the Restore Configuration functionality in the Web interface. This can be exploited by using shell metacharacters in the configRestore or configServerip parameter of the admin.cgi?action=config restore endpoint.

Recommendations For D-Link DWL-2600AP version 4.2.0.15 Rev A, as a temporary workaround, consider restricting access to the Restore Configuration functionality in the Web interface until a patch is available. Avoid using shell metacharacters in the configRestore or configServerip parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.