Exploit for #VU21624 OS Command Injection in D-Link Hardware solutions

Exploit for #VU21624 OS Command Injection in D-Link Hardware solutions

Published: 2020-03-18 | Updated: 2020-04-27

Vulnerability identifier: #VU21624

Vulnerability risk: High

CVSSv3.1: 9.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C]

CVE-ID: CVE-2019-16920

CWE-ID: CWE-78

Exploitation vector: Network

Exploits in database: 2

April 27, 2020
- CVE-2019-16920-MassPwn3r (Exploit and Mass Pwn3r for CVE-2019-16920) [Github]
March 18, 2020
- CVE-2019-16920-MassPwn3r (Exploit and Mass Pwn3r for CVE-2019-16920) [Github]

Impact: Code execution

Vulnerable software:
DHP-1565
Hardware solutions / Routers & switches, VoIP, GSM, etc
DIR-652
Hardware solutions / Routers & switches, VoIP, GSM, etc
DIR-866L
Hardware solutions / Routers & switches, VoIP, GSM, etc
DIR-655
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor: D-Link