Unrated severityCISA KEVNVD Advisory· Published Sep 27, 2019· Updated Oct 21, 2025
CVE-2019-16920
CVE-2019-16920
Description
Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.
Affected products
1- D-Link/DIR-655Cdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- www.kb.cert.org/vuls/id/766427mitrethird-party-advisoryx_refsource_CERT-VN
- fortiguard.com/zeroday/FG-VD-19-117mitrex_refsource_MISC
- medium.com/%4080vul/determine-the-device-model-affected-by-cve-2019-16920-by-zoomeye-bf6fec7f9bb3mitrex_refsource_MISC
- www.seebug.org/vuldb/ssvid-98079mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.