CVE-2019-16920

CVE Database · CVE-2019-16920

CVE-2019-16920

· CRITICALAnalyzed

CVSS v3.1

9.8

EPSS

100.00%

Published

Sep 27, 2019

Modified

Nov 7, 2025

CISA Known Exploited Vulnerability

Added: 2022-03-25 · Due: 2022-04-15

The impacted product is end-of-life and should be disconnected if still in use.

Public PoC / Exploit (3)

All weaponized →

NucleiNuclei detection template TrickestTrickest PoC index GitHub PoCeniac888/CVE-2019-16920-MassPwn3r★1

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-78CWE-78

Affected Products (20)

dlink · dir-655_firmwarevulnerable

dlink · dir-655

dlink · dir-866l_firmwarevulnerable

dlink · dir-866l

dlink · dir-652_firmwarevulnerable

dlink · dir-652

dlink · dhp-1565_firmwarevulnerable