Vulnerabilites related to dlink - dir-655_firmware
cve-2019-13560
Vulnerability from cvelistv5
Published
2019-07-11 14:59
Modified
2024-08-04 23:57
Severity ?
EPSS score ?
Summary
D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to force a blank password via the apply_sec.cgi setup_wizard parameter.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:57:39.428Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/july/the-d-link-dir-655c-from-nothing-to-rce/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-655/REVC/DIR-655_REVC_RELEASE_NOTES_v3.02B05_BETA03.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.nccgroup.trust/contentassets/7188fe7f130846ffa31827fc1661d120/setupwizard.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to force a blank password via the apply_sec.cgi setup_wizard parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-11T14:59:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/july/the-d-link-dir-655c-from-nothing-to-rce/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-655/REVC/DIR-655_REVC_RELEASE_NOTES_v3.02B05_BETA03.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.nccgroup.trust/contentassets/7188fe7f130846ffa31827fc1661d120/setupwizard.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13560",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to force a blank password via the apply_sec.cgi setup_wizard parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/july/the-d-link-dir-655c-from-nothing-to-rce/",
"refsource": "MISC",
"url": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/july/the-d-link-dir-655c-from-nothing-to-rce/"
},
{
"name": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-655/REVC/DIR-655_REVC_RELEASE_NOTES_v3.02B05_BETA03.pdf",
"refsource": "MISC",
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-655/REVC/DIR-655_REVC_RELEASE_NOTES_v3.02B05_BETA03.pdf"
},
{
"name": "https://www.nccgroup.trust/contentassets/7188fe7f130846ffa31827fc1661d120/setupwizard.txt",
"refsource": "MISC",
"url": "https://www.nccgroup.trust/contentassets/7188fe7f130846ffa31827fc1661d120/setupwizard.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13560",
"datePublished": "2019-07-11T14:59:02",
"dateReserved": "2019-07-11T00:00:00",
"dateUpdated": "2024-08-04T23:57:39.428Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-13562
Vulnerability from cvelistv5
Published
2019-07-11 14:59
Modified
2024-08-04 23:57
Severity ?
EPSS score ?
Summary
D-Link DIR-655 C devices before 3.02B05 BETA03 allow XSS, as demonstrated by the /www/ping_response.cgi ping_ipaddr parameter, the /www/ping6_response.cgi ping6_ipaddr parameter, and the /www/apply_sec.cgi html_response_return_page parameter.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:57:39.385Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/july/the-d-link-dir-655c-from-nothing-to-rce/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-655/REVC/DIR-655_REVC_RELEASE_NOTES_v3.02B05_BETA03.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.nccgroup.trust/contentassets/7188fe7f130846ffa31827fc1661d120/crosssitescripting.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-655 C devices before 3.02B05 BETA03 allow XSS, as demonstrated by the /www/ping_response.cgi ping_ipaddr parameter, the /www/ping6_response.cgi ping6_ipaddr parameter, and the /www/apply_sec.cgi html_response_return_page parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-11T14:59:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/july/the-d-link-dir-655c-from-nothing-to-rce/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-655/REVC/DIR-655_REVC_RELEASE_NOTES_v3.02B05_BETA03.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.nccgroup.trust/contentassets/7188fe7f130846ffa31827fc1661d120/crosssitescripting.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DIR-655 C devices before 3.02B05 BETA03 allow XSS, as demonstrated by the /www/ping_response.cgi ping_ipaddr parameter, the /www/ping6_response.cgi ping6_ipaddr parameter, and the /www/apply_sec.cgi html_response_return_page parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/july/the-d-link-dir-655c-from-nothing-to-rce/",
"refsource": "MISC",
"url": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/july/the-d-link-dir-655c-from-nothing-to-rce/"
},
{
"name": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-655/REVC/DIR-655_REVC_RELEASE_NOTES_v3.02B05_BETA03.pdf",
"refsource": "MISC",
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-655/REVC/DIR-655_REVC_RELEASE_NOTES_v3.02B05_BETA03.pdf"
},
{
"name": "https://www.nccgroup.trust/contentassets/7188fe7f130846ffa31827fc1661d120/crosssitescripting.txt",
"refsource": "MISC",
"url": "https://www.nccgroup.trust/contentassets/7188fe7f130846ffa31827fc1661d120/crosssitescripting.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13562",
"datePublished": "2019-07-11T14:59:27",
"dateReserved": "2019-07-11T00:00:00",
"dateUpdated": "2024-08-04T23:57:39.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16920
Vulnerability from cvelistv5
Published
2019-09-27 11:34
Modified
2025-02-04 20:04
Severity ?
EPSS score ?
Summary
Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.
References
| ▼ | URL | Tags |
|---|---|---|
| https://fortiguard.com/zeroday/FG-VD-19-117 | x_refsource_MISC | |
| https://www.seebug.org/vuldb/ssvid-98079 | x_refsource_MISC | |
| https://medium.com/%4080vul/determine-the-device-model-affected-by-cve-2019-16920-by-zoomeye-bf6fec7f9bb3 | x_refsource_MISC | |
| https://www.kb.cert.org/vuls/id/766427 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:48.593Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fortiguard.com/zeroday/FG-VD-19-117"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.seebug.org/vuldb/ssvid-98079"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%4080vul/determine-the-device-model-affected-by-cve-2019-16920-by-zoomeye-bf6fec7f9bb3"
},
{
"name": "VU#766427",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/766427"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2019-16920",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T20:04:10.590560Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-03-25",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-16920"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T20:04:50.678Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a \"PingTest\" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-23T19:06:26.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fortiguard.com/zeroday/FG-VD-19-117"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.seebug.org/vuldb/ssvid-98079"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%4080vul/determine-the-device-model-affected-by-cve-2019-16920-by-zoomeye-bf6fec7f9bb3"
},
{
"name": "VU#766427",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/766427"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16920",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a \"PingTest\" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/zeroday/FG-VD-19-117",
"refsource": "MISC",
"url": "https://fortiguard.com/zeroday/FG-VD-19-117"
},
{
"name": "https://www.seebug.org/vuldb/ssvid-98079",
"refsource": "MISC",
"url": "https://www.seebug.org/vuldb/ssvid-98079"
},
{
"name": "https://medium.com/@80vul/determine-the-device-model-affected-by-cve-2019-16920-by-zoomeye-bf6fec7f9bb3",
"refsource": "MISC",
"url": "https://medium.com/@80vul/determine-the-device-model-affected-by-cve-2019-16920-by-zoomeye-bf6fec7f9bb3"
},
{
"name": "VU#766427",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/766427"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16920",
"datePublished": "2019-09-27T11:34:12.000Z",
"dateReserved": "2019-09-27T00:00:00.000Z",
"dateUpdated": "2025-02-04T20:04:50.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-13563
Vulnerability from cvelistv5
Published
2019-07-11 14:59
Modified
2024-08-04 23:57
Severity ?
EPSS score ?
Summary
D-Link DIR-655 C devices before 3.02B05 BETA03 allow CSRF for the entire management console.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:57:39.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/july/the-d-link-dir-655c-from-nothing-to-rce/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-655/REVC/DIR-655_REVC_RELEASE_NOTES_v3.02B05_BETA03.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.nccgroup.trust/contentassets/7188fe7f130846ffa31827fc1661d120/csrf.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-655 C devices before 3.02B05 BETA03 allow CSRF for the entire management console."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-11T14:59:38",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/july/the-d-link-dir-655c-from-nothing-to-rce/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-655/REVC/DIR-655_REVC_RELEASE_NOTES_v3.02B05_BETA03.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.nccgroup.trust/contentassets/7188fe7f130846ffa31827fc1661d120/csrf.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13563",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DIR-655 C devices before 3.02B05 BETA03 allow CSRF for the entire management console."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/july/the-d-link-dir-655c-from-nothing-to-rce/",
"refsource": "MISC",
"url": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/july/the-d-link-dir-655c-from-nothing-to-rce/"
},
{
"name": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-655/REVC/DIR-655_REVC_RELEASE_NOTES_v3.02B05_BETA03.pdf",
"refsource": "MISC",
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-655/REVC/DIR-655_REVC_RELEASE_NOTES_v3.02B05_BETA03.pdf"
},
{
"name": "https://www.nccgroup.trust/contentassets/7188fe7f130846ffa31827fc1661d120/csrf.txt",
"refsource": "MISC",
"url": "https://www.nccgroup.trust/contentassets/7188fe7f130846ffa31827fc1661d120/csrf.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13563",
"datePublished": "2019-07-11T14:59:38",
"dateReserved": "2019-07-11T00:00:00",
"dateUpdated": "2024-08-04T23:57:39.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-13561
Vulnerability from cvelistv5
Published
2019-07-11 14:59
Modified
2024-08-04 23:57
Severity ?
EPSS score ?
Summary
D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to execute arbitrary commands via shell metacharacters in the online_firmware_check.cgi check_fw_url parameter.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:57:39.390Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/july/the-d-link-dir-655c-from-nothing-to-rce/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-655/REVC/DIR-655_REVC_RELEASE_NOTES_v3.02B05_BETA03.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.nccgroup.trust/contentassets/7188fe7f130846ffa31827fc1661d120/commandinjection.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to execute arbitrary commands via shell metacharacters in the online_firmware_check.cgi check_fw_url parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-11T14:59:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/july/the-d-link-dir-655c-from-nothing-to-rce/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-655/REVC/DIR-655_REVC_RELEASE_NOTES_v3.02B05_BETA03.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.nccgroup.trust/contentassets/7188fe7f130846ffa31827fc1661d120/commandinjection.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13561",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to execute arbitrary commands via shell metacharacters in the online_firmware_check.cgi check_fw_url parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/july/the-d-link-dir-655c-from-nothing-to-rce/",
"refsource": "MISC",
"url": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/july/the-d-link-dir-655c-from-nothing-to-rce/"
},
{
"name": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-655/REVC/DIR-655_REVC_RELEASE_NOTES_v3.02B05_BETA03.pdf",
"refsource": "MISC",
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-655/REVC/DIR-655_REVC_RELEASE_NOTES_v3.02B05_BETA03.pdf"
},
{
"name": "https://www.nccgroup.trust/contentassets/7188fe7f130846ffa31827fc1661d120/commandinjection.txt",
"refsource": "MISC",
"url": "https://www.nccgroup.trust/contentassets/7188fe7f130846ffa31827fc1661d120/commandinjection.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13561",
"datePublished": "2019-07-11T14:59:14",
"dateReserved": "2019-07-11T00:00:00",
"dateUpdated": "2024-08-04T23:57:39.390Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2019-07-11 15:15
Modified
2024-11-21 04:25
Severity ?
Summary
D-Link DIR-655 C devices before 3.02B05 BETA03 allow XSS, as demonstrated by the /www/ping_response.cgi ping_ipaddr parameter, the /www/ping6_response.cgi ping6_ipaddr parameter, and the /www/apply_sec.cgi html_response_return_page parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-655_firmware | 3.02b05 | |
| dlink | dir-655 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-655_firmware:3.02b05:*:*:*:*:*:*:*",
"matchCriteriaId": "802545DF-DFA9-42E8-87EF-3FBA0BB58F96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-655:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86A9FA74-993E-47DC-B3E7-84D336950E81",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-655 C devices before 3.02B05 BETA03 allow XSS, as demonstrated by the /www/ping_response.cgi ping_ipaddr parameter, the /www/ping6_response.cgi ping6_ipaddr parameter, and the /www/apply_sec.cgi html_response_return_page parameter."
},
{
"lang": "es",
"value": "Los dispositivos DIR-655 C anterior a versi\u00f3n 3.02B05 BETA03 de D-Link, permiten una vulnerabilidad de tipo XSS, como es demostrado por el par\u00e1metro ping_ipaddr del archivo /www/ping_response.cgi, el par\u00e1metro ping6_ipaddr del archivo /www/ping6_response.cgi, y el par\u00e1metro html_response_return_page del archivo /www/apply_sec.cgi."
}
],
"id": "CVE-2019-13562",
"lastModified": "2024-11-21T04:25:10.523",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-11T15:15:11.660",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-655/REVC/DIR-655_REVC_RELEASE_NOTES_v3.02B05_BETA03.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nccgroup.trust/contentassets/7188fe7f130846ffa31827fc1661d120/crosssitescripting.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/july/the-d-link-dir-655c-from-nothing-to-rce/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-655/REVC/DIR-655_REVC_RELEASE_NOTES_v3.02B05_BETA03.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nccgroup.trust/contentassets/7188fe7f130846ffa31827fc1661d120/crosssitescripting.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/july/the-d-link-dir-655c-from-nothing-to-rce/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-11 15:15
Modified
2024-11-21 04:25
Severity ?
Summary
D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to execute arbitrary commands via shell metacharacters in the online_firmware_check.cgi check_fw_url parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-655_firmware | 3.02b05 | |
| dlink | dir-655 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-655_firmware:3.02b05:*:*:*:*:*:*:*",
"matchCriteriaId": "802545DF-DFA9-42E8-87EF-3FBA0BB58F96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-655:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86A9FA74-993E-47DC-B3E7-84D336950E81",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to execute arbitrary commands via shell metacharacters in the online_firmware_check.cgi check_fw_url parameter."
},
{
"lang": "es",
"value": "Los dispositivos DIR-655 C anterior a versi\u00f3n 3.02B05 BETA03 de D-Link, permiten que los atacantes remotos ejecuten comandos arbitrarios por medio de metacaracteres de shell en el par\u00e1metro check_fw_url del archivo online_firmware_check.cgi."
}
],
"id": "CVE-2019-13561",
"lastModified": "2024-11-21T04:25:10.300",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-11T15:15:11.597",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-655/REVC/DIR-655_REVC_RELEASE_NOTES_v3.02B05_BETA03.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nccgroup.trust/contentassets/7188fe7f130846ffa31827fc1661d120/commandinjection.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/july/the-d-link-dir-655c-from-nothing-to-rce/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-655/REVC/DIR-655_REVC_RELEASE_NOTES_v3.02B05_BETA03.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nccgroup.trust/contentassets/7188fe7f130846ffa31827fc1661d120/commandinjection.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/july/the-d-link-dir-655c-from-nothing-to-rce/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-27 12:15
Modified
2025-02-04 20:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://fortiguard.com/zeroday/FG-VD-19-117 | Broken Link, Third Party Advisory | |
| cve@mitre.org | https://medium.com/%4080vul/determine-the-device-model-affected-by-cve-2019-16920-by-zoomeye-bf6fec7f9bb3 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.kb.cert.org/vuls/id/766427 | Third Party Advisory, US Government Resource | |
| cve@mitre.org | https://www.seebug.org/vuldb/ssvid-98079 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/zeroday/FG-VD-19-117 | Broken Link, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://medium.com/%4080vul/determine-the-device-model-affected-by-cve-2019-16920-by-zoomeye-bf6fec7f9bb3 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.kb.cert.org/vuls/id/766427 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.seebug.org/vuldb/ssvid-98079 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-655_firmware | * | |
| dlink | dir-655 | cx | |
| dlink | dir-866l_firmware | * | |
| dlink | dir-866l | ax | |
| dlink | dir-652_firmware | - | |
| dlink | dir-652 | ax | |
| dlink | dhp-1565_firmware | * | |
| dlink | dhp-1565 | ax | |
| dlink | dir-855l_firmware | - | |
| dlink | dir-855l | - | |
| dlink | dap-1533_firmware | - | |
| dlink | dap-1533 | - | |
| dlink | dir-862l_firmware | - | |
| dlink | dir-862l | - | |
| dlink | dir-615_firmware | - | |
| dlink | dir-615 | - | |
| dlink | dir-835_firmware | - | |
| dlink | dir-835 | - | |
| dlink | dir-825_firmware | - | |
| dlink | dir-825 | - |
{
"cisaActionDue": "2022-04-15",
"cisaExploitAdd": "2022-03-25",
"cisaRequiredAction": "The impacted product is end-of-life and should be disconnected if still in use.",
"cisaVulnerabilityName": "D-Link Multiple Routers Command Injection Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-655_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "525853B4-1C30-4D96-AD4F-26FD77469B33",
"versionEndIncluding": "3.02b05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-655:cx:*:*:*:*:*:*:*",
"matchCriteriaId": "8F90F9E0-0F90-4AFD-868C-370882C47248",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-866l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA174575-0468-4AB1-A504-B5AA559D3219",
"versionEndIncluding": "1.03b04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-866l:ax:*:*:*:*:*:*:*",
"matchCriteriaId": "52177D2B-D7F8-4351-A169-FDF6A5FBF44D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-652_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1147272F-0F23-4606-A84E-CA971414C65B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-652:ax:*:*:*:*:*:*:*",
"matchCriteriaId": "2E4D52D3-71FD-4D29-881A-393B35F3DB65",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dhp-1565_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "369D2C8E-89F1-4E03-8DA0-BA2DB1245569",
"versionEndIncluding": "1.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dhp-1565:ax:*:*:*:*:*:*:*",
"matchCriteriaId": "BAFB86EA-966B-4DB3-9B81-198878D76573",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-855l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "239F0015-2834-4DBB-B115-58871D0FF764",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-855l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EB62BC4-69BC-40D7-A8E7-F5728B827250",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dap-1533_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB7D656D-47B5-4269-A155-741D60F818CD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dap-1533:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D3E4627-940F-4859-BC67-B6229BC0AFD8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-862l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "380A4761-5474-4F52-A4EE-62844D5EE82C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-862l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0552E33F-BB39-4701-B91A-1DB33992505C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-615_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C55E6D4-820D-469F-A343-635A621C0D7C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-615:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E92E959-C211-4979-A233-163BEFCF6F0D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-835_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCFE0993-C19A-4C60-B8C6-E549D748537A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1B91013-E79E-4076-916D-D52D6E417EA7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-825_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEC49DA6-D1F4-4A2A-904E-907356F3C804",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-825:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7038F8A9-03F3-4442-B371-84801EF05447",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a \"PingTest\" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825."
},
{
"lang": "es",
"value": "La ejecuci\u00f3n de c\u00f3digo remota no autenticada se presenta en productos D-Link tales como DIR-655C, DIR-866L, DIR-652, y DHP-1565. El problema se presenta cuando el atacante env\u00eda una entrada arbitraria hacia una interfaz de la puerta de enlace com\u00fan del dispositivo \"PingTest\" que podr\u00eda conllevar a una inyecci\u00f3n com\u00fan. Un atacante que activa con \u00e9xito la inyecci\u00f3n de comando podr\u00eda lograr un compromiso total del sistema. Despu\u00e9s, se descubri\u00f3 de manera independiente que estos tambi\u00e9n se ven afectados: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835 y DIR-825."
}
],
"id": "CVE-2019-16920",
"lastModified": "2025-02-04T20:15:32.943",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2019-09-27T12:15:10.017",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://fortiguard.com/zeroday/FG-VD-19-117"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://medium.com/%4080vul/determine-the-device-model-affected-by-cve-2019-16920-by-zoomeye-bf6fec7f9bb3"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/766427"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.seebug.org/vuldb/ssvid-98079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://fortiguard.com/zeroday/FG-VD-19-117"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://medium.com/%4080vul/determine-the-device-model-affected-by-cve-2019-16920-by-zoomeye-bf6fec7f9bb3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/766427"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.seebug.org/vuldb/ssvid-98079"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-11 15:15
Modified
2024-11-21 04:25
Severity ?
Summary
D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to force a blank password via the apply_sec.cgi setup_wizard parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-655_firmware | 3.02b05 | |
| dlink | dir-655 | c1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-655_firmware:3.02b05:*:*:*:*:*:*:*",
"matchCriteriaId": "802545DF-DFA9-42E8-87EF-3FBA0BB58F96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-655:c1:*:*:*:*:*:*:*",
"matchCriteriaId": "48C3A684-A01B-4CFF-AD26-2EB753301F3C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to force a blank password via the apply_sec.cgi setup_wizard parameter."
},
{
"lang": "es",
"value": "Los dispositivos DIR-655 C anterior a versi\u00f3n 3.02B05 BETA03 de D-Link, permiten a los atacantes remotos forzar una contrase\u00f1a en blanco por medio del par\u00e1metro setup_wizard del archivo apply_sec.cgi."
}
],
"id": "CVE-2019-13560",
"lastModified": "2024-11-21T04:25:10.083",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-11T15:15:11.520",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-655/REVC/DIR-655_REVC_RELEASE_NOTES_v3.02B05_BETA03.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nccgroup.trust/contentassets/7188fe7f130846ffa31827fc1661d120/setupwizard.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/july/the-d-link-dir-655c-from-nothing-to-rce/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-655/REVC/DIR-655_REVC_RELEASE_NOTES_v3.02B05_BETA03.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nccgroup.trust/contentassets/7188fe7f130846ffa31827fc1661d120/setupwizard.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/july/the-d-link-dir-655c-from-nothing-to-rce/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-11 15:15
Modified
2024-11-21 04:25
Severity ?
Summary
D-Link DIR-655 C devices before 3.02B05 BETA03 allow CSRF for the entire management console.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-655_firmware | 3.02b05 | |
| dlink | dir-655 | c1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-655_firmware:3.02b05:*:*:*:*:*:*:*",
"matchCriteriaId": "802545DF-DFA9-42E8-87EF-3FBA0BB58F96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-655:c1:*:*:*:*:*:*:*",
"matchCriteriaId": "48C3A684-A01B-4CFF-AD26-2EB753301F3C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-655 C devices before 3.02B05 BETA03 allow CSRF for the entire management console."
},
{
"lang": "es",
"value": "Los dispositivos DIR-655 C anterior a versi\u00f3n 3.02B05 BETA03 de D-Link, permiten una vulnerabilidad de tipo CSRF para toda la consola de administraci\u00f3n."
}
],
"id": "CVE-2019-13563",
"lastModified": "2024-11-21T04:25:10.757",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-11T15:15:11.723",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-655/REVC/DIR-655_REVC_RELEASE_NOTES_v3.02B05_BETA03.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nccgroup.trust/contentassets/7188fe7f130846ffa31827fc1661d120/csrf.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/july/the-d-link-dir-655c-from-nothing-to-rce/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-655/REVC/DIR-655_REVC_RELEASE_NOTES_v3.02B05_BETA03.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nccgroup.trust/contentassets/7188fe7f130846ffa31827fc1661d120/csrf.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/july/the-d-link-dir-655c-from-nothing-to-rce/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}