Unrated severityCISA KEVNVD Advisory· Published Sep 27, 2019· Updated Oct 21, 2025
CVE-2019-16920
CVE-2019-16920
Description
Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- D-Link/DIR-655Cdescription
Patches
Vulnerability mechanics
References
4- www.kb.cert.org/vuls/id/766427mitrethird-party-advisoryx_refsource_CERT-VN
- fortiguard.com/zeroday/FG-VD-19-117mitrex_refsource_MISC
- medium.com/%4080vul/determine-the-device-model-affected-by-cve-2019-16920-by-zoomeye-bf6fec7f9bb3mitrex_refsource_MISC
- www.seebug.org/vuldb/ssvid-98079mitrex_refsource_MISC
News mentions
1- RondoDox: From Targeting Pwn2Own Vulnerabilities to Shotgunning ExploitsTrend Micro Research · Oct 9, 2025