Vulnerabilites related to dlink - dwl-2600ap
var-202003-0964
Vulnerability from variot
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Upgrade Firmware functionality in the Web interface, using shell metacharacters in the admin.cgi?action=upgrade firmwareRestore or firmwareServerip parameter. D-Link DWL-2600AP To OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. D-Link DWL-2600AP is a wireless access device. An attacker could use the vulnerability to execute arbitrary operating system commands on the device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-0964",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dwl-2600ap",
"scope": "eq",
"trust": 1.4,
"vendor": "d link",
"version": "4.2.0.15"
},
{
"model": "d-link dwl-2600ap",
"scope": null,
"trust": 1.2,
"vendor": "d link",
"version": null
},
{
"model": "dwl-2600ap",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "4.2.0.15"
},
{
"model": "dwl-2600ap",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15980"
},
{
"db": "CNVD",
"id": "CNVD-2019-39412"
},
{
"db": "CNVD",
"id": "CNVD-2019-39413"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014771"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-204"
},
{
"db": "NVD",
"id": "CVE-2019-20501"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:d-link:dwl-2600ap_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014771"
}
]
},
"cve": "CVE-2019-20501",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-20501",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2019-014771",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-15980",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-39412",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-39413",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-20501",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014771",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-20501",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-014771",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-15980",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-39412",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-39413",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-204",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-20501",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15980"
},
{
"db": "CNVD",
"id": "CNVD-2019-39412"
},
{
"db": "CNVD",
"id": "CNVD-2019-39413"
},
{
"db": "VULMON",
"id": "CVE-2019-20501"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014771"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-204"
},
{
"db": "NVD",
"id": "CVE-2019-20501"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Upgrade Firmware functionality in the Web interface, using shell metacharacters in the admin.cgi?action=upgrade firmwareRestore or firmwareServerip parameter. D-Link DWL-2600AP To OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. D-Link DWL-2600AP is a wireless access device. An attacker could use the vulnerability to execute arbitrary operating system commands on the device",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-20501"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014771"
},
{
"db": "CNVD",
"id": "CNVD-2020-15980"
},
{
"db": "CNVD",
"id": "CNVD-2019-39412"
},
{
"db": "CNVD",
"id": "CNVD-2019-39413"
},
{
"db": "VULMON",
"id": "CVE-2019-20501"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-20501",
"trust": 3.1
},
{
"db": "EXPLOIT-DB",
"id": "46841",
"trust": 2.9
},
{
"db": "DLINK",
"id": "SAP10113",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014771",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-15980",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "152771",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2019-39412",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "152770",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2019-39413",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "46082",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202003-204",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-20501",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15980"
},
{
"db": "CNVD",
"id": "CNVD-2019-39412"
},
{
"db": "CNVD",
"id": "CNVD-2019-39413"
},
{
"db": "VULMON",
"id": "CVE-2019-20501"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014771"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-204"
},
{
"db": "NVD",
"id": "CVE-2019-20501"
}
]
},
"id": "VAR-202003-0964",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15980"
},
{
"db": "CNVD",
"id": "CNVD-2019-39412"
},
{
"db": "CNVD",
"id": "CNVD-2019-39413"
}
],
"trust": 2.6125
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 1.8
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15980"
},
{
"db": "CNVD",
"id": "CNVD-2019-39412"
},
{
"db": "CNVD",
"id": "CNVD-2019-39413"
}
]
},
"last_update_date": "2024-11-23T21:59:23.355000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DWL-2600AP (Rev. Ax : F/W 4.2.0.15 and Older) Multiple Command Injection Vulnerabilities in Web-GUI command Interface",
"trust": 0.8,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10113"
},
{
"title": "Patch for D-Link DWL-2600AP Operating System Command Injection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/207715"
},
{
"title": "D-Link DWL-2600AP Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111614"
},
{
"title": "Check Point Security Alerts: D-Link DWL-2600AP Command Injection (CVE-2019-20499; CVE-2019-20500; CVE-2019-20501)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=check_point_security_alerts\u0026qid=cb705a565cf62a748705a5f82bcc1936"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15980"
},
{
"db": "VULMON",
"id": "CVE-2019-20501"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014771"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-204"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014771"
},
{
"db": "NVD",
"id": "CVE-2019-20501"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "https://www.exploit-db.com/exploits/46841"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20501"
},
{
"trust": 1.7,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10113"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20501"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152771/d-link-dwl-2600ap-upgrade-firmware-command-injection.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152770/d-link-dwl-2600ap-save-configuration-command-injection.html"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/46082"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://advisories.checkpoint.com/defense/advisories/public/2023/cpai-2019-2938.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15980"
},
{
"db": "CNVD",
"id": "CNVD-2019-39412"
},
{
"db": "CNVD",
"id": "CNVD-2019-39413"
},
{
"db": "VULMON",
"id": "CVE-2019-20501"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014771"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-204"
},
{
"db": "NVD",
"id": "CVE-2019-20501"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-15980"
},
{
"db": "CNVD",
"id": "CNVD-2019-39412"
},
{
"db": "CNVD",
"id": "CNVD-2019-39413"
},
{
"db": "VULMON",
"id": "CVE-2019-20501"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014771"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-204"
},
{
"db": "NVD",
"id": "CVE-2019-20501"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-15980"
},
{
"date": "2019-11-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-39412"
},
{
"date": "2019-11-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-39413"
},
{
"date": "2020-03-05T00:00:00",
"db": "VULMON",
"id": "CVE-2019-20501"
},
{
"date": "2020-03-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014771"
},
{
"date": "2020-03-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-204"
},
{
"date": "2020-03-05T15:15:11.317000",
"db": "NVD",
"id": "CVE-2019-20501"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-15980"
},
{
"date": "2019-11-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-39412"
},
{
"date": "2019-11-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-39413"
},
{
"date": "2023-04-26T00:00:00",
"db": "VULMON",
"id": "CVE-2019-20501"
},
{
"date": "2020-03-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014771"
},
{
"date": "2020-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-204"
},
{
"date": "2024-11-21T04:38:37.753000",
"db": "NVD",
"id": "CVE-2019-20501"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-204"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DWL-2600AP Operating System Command Injection Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15980"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-204"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-204"
}
],
"trust": 0.6
}
}
var-202003-0963
Vulnerability from variot
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_save configBackup or downloadServerip parameter. D-Link DWL-2600AP To OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. D-Link DWL-2600AP is a wireless access device.
D-Link DWL-2600AP Upgrade Firmware has a command injection vulnerability. An attacker could use the vulnerability to execute arbitrary operating system commands on the device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-0963",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dwl-2600ap",
"scope": "eq",
"trust": 1.4,
"vendor": "d link",
"version": "4.2.0.15"
},
{
"model": "d-link dwl-2600ap",
"scope": null,
"trust": 1.2,
"vendor": "d link",
"version": null
},
{
"model": "dwl-2600ap",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "4.2.0.15"
},
{
"model": "dwl-2600ap",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15981"
},
{
"db": "CNVD",
"id": "CNVD-2019-39412"
},
{
"db": "CNVD",
"id": "CNVD-2019-39413"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014770"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-205"
},
{
"db": "NVD",
"id": "CVE-2019-20500"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:d-link:dwl-2600ap_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014770"
}
]
},
"cve": "CVE-2019-20500",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-20500",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2019-014770",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-15981",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-39412",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-39413",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-20500",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014770",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-20500",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-014770",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-15981",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-39412",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-39413",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-205",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-20500",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15981"
},
{
"db": "CNVD",
"id": "CNVD-2019-39412"
},
{
"db": "CNVD",
"id": "CNVD-2019-39413"
},
{
"db": "VULMON",
"id": "CVE-2019-20500"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014770"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-205"
},
{
"db": "NVD",
"id": "CVE-2019-20500"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_save configBackup or downloadServerip parameter. D-Link DWL-2600AP To OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. D-Link DWL-2600AP is a wireless access device. \n\nD-Link DWL-2600AP Upgrade Firmware has a command injection vulnerability. An attacker could use the vulnerability to execute arbitrary operating system commands on the device",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-20500"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014770"
},
{
"db": "CNVD",
"id": "CNVD-2020-15981"
},
{
"db": "CNVD",
"id": "CNVD-2019-39412"
},
{
"db": "CNVD",
"id": "CNVD-2019-39413"
},
{
"db": "VULMON",
"id": "CVE-2019-20500"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-20500",
"trust": 3.1
},
{
"db": "EXPLOIT-DB",
"id": "46841",
"trust": 2.9
},
{
"db": "DLINK",
"id": "SAP10113",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014770",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-15981",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "152771",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2019-39412",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "152770",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2019-39413",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "46081",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202003-205",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-20500",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15981"
},
{
"db": "CNVD",
"id": "CNVD-2019-39412"
},
{
"db": "CNVD",
"id": "CNVD-2019-39413"
},
{
"db": "VULMON",
"id": "CVE-2019-20500"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014770"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-205"
},
{
"db": "NVD",
"id": "CVE-2019-20500"
}
]
},
"id": "VAR-202003-0963",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15981"
},
{
"db": "CNVD",
"id": "CNVD-2019-39412"
},
{
"db": "CNVD",
"id": "CNVD-2019-39413"
}
],
"trust": 2.6125
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 1.8
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15981"
},
{
"db": "CNVD",
"id": "CNVD-2019-39412"
},
{
"db": "CNVD",
"id": "CNVD-2019-39413"
}
]
},
"last_update_date": "2024-11-23T21:59:23.271000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DWL-2600AP (Rev. Ax : F/W 4.2.0.15 and Older) Multiple Command Injection Vulnerabilities in Web-GUI command Interface",
"trust": 0.8,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10113"
},
{
"title": "Patch for D-Link DWL-2600AP Operating System Command Injection Vulnerability (CNVD-2020-15981)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/207713"
},
{
"title": "D-Link DWL-2600AP Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111615"
},
{
"title": "Check Point Security Alerts: D-Link DWL-2600AP Command Injection (CVE-2019-20499; CVE-2019-20500; CVE-2019-20501)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=check_point_security_alerts\u0026qid=cb705a565cf62a748705a5f82bcc1936"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15981"
},
{
"db": "VULMON",
"id": "CVE-2019-20500"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014770"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-205"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014770"
},
{
"db": "NVD",
"id": "CVE-2019-20500"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "https://www.exploit-db.com/exploits/46841"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20500"
},
{
"trust": 1.7,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10113"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20500"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152771/d-link-dwl-2600ap-upgrade-firmware-command-injection.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152770/d-link-dwl-2600ap-save-configuration-command-injection.html"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/46081"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://advisories.checkpoint.com/defense/advisories/public/2023/cpai-2019-2938.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15981"
},
{
"db": "CNVD",
"id": "CNVD-2019-39412"
},
{
"db": "CNVD",
"id": "CNVD-2019-39413"
},
{
"db": "VULMON",
"id": "CVE-2019-20500"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014770"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-205"
},
{
"db": "NVD",
"id": "CVE-2019-20500"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-15981"
},
{
"db": "CNVD",
"id": "CNVD-2019-39412"
},
{
"db": "CNVD",
"id": "CNVD-2019-39413"
},
{
"db": "VULMON",
"id": "CVE-2019-20500"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014770"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-205"
},
{
"db": "NVD",
"id": "CVE-2019-20500"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-15981"
},
{
"date": "2019-11-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-39412"
},
{
"date": "2019-11-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-39413"
},
{
"date": "2020-03-05T00:00:00",
"db": "VULMON",
"id": "CVE-2019-20500"
},
{
"date": "2020-03-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014770"
},
{
"date": "2020-03-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-205"
},
{
"date": "2020-03-05T15:15:11.253000",
"db": "NVD",
"id": "CVE-2019-20500"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-15981"
},
{
"date": "2019-11-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-39412"
},
{
"date": "2019-11-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-39413"
},
{
"date": "2023-04-26T00:00:00",
"db": "VULMON",
"id": "CVE-2019-20500"
},
{
"date": "2020-03-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014770"
},
{
"date": "2020-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-205"
},
{
"date": "2024-11-21T04:38:37.617000",
"db": "NVD",
"id": "CVE-2019-20500"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-205"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DWL-2600AP In OS Command injection vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014770"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-205"
}
],
"trust": 0.6
}
}
var-202302-0845
Vulnerability from variot
A command injection vulnerability in the firmware_update command, in the device's restricted telnet interface, allows an authenticated attacker to execute arbitrary commands as root. DWL-2600AP Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DWL-2600AP is a wireless access point device produced by China D-Link Company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-0845",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dwl-2600ap",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "4.2.0.17"
},
{
"model": "dwl-2600ap",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dwl-2600ap",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "dwl-2600ap firmware"
},
{
"model": "dwl-2600ap",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "d-link dwl-2600ap",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "v4.2.0.17"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-21664"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-003599"
},
{
"db": "NVD",
"id": "CVE-2023-0127"
}
]
},
"cve": "CVE-2023-0127",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.1,
"id": "CNVD-2023-21664",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-0127",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-0127",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-0127",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-0127",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2023-21664",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-774",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-21664"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-003599"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-774"
},
{
"db": "NVD",
"id": "CVE-2023-0127"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A command injection vulnerability in the firmware_update command, in the device\u0027s restricted telnet interface, allows an authenticated attacker to execute arbitrary commands as root. DWL-2600AP Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DWL-2600AP is a wireless access point device produced by China D-Link Company",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-0127"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-003599"
},
{
"db": "CNVD",
"id": "CNVD-2023-21664"
},
{
"db": "VULMON",
"id": "CVE-2023-0127"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-0127",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2023-003599",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-21664",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202302-774",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-0127",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-21664"
},
{
"db": "VULMON",
"id": "CVE-2023-0127"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-003599"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-774"
},
{
"db": "NVD",
"id": "CVE-2023-0127"
}
]
},
"id": "VAR-202302-0845",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-21664"
}
],
"trust": 1.4125
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-21664"
}
]
},
"last_update_date": "2024-08-14T14:43:28.714000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.dlink.com/en/homepage"
},
{
"title": "Patch for D-Link DWL-2600AP Command Injection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/416261"
},
{
"title": "D-Link DWL-2600AP Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=226227"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2023-0127 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-21664"
},
{
"db": "VULMON",
"id": "CVE-2023-0127"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-003599"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-774"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-003599"
},
{
"db": "NVD",
"id": "CVE-2023-0127"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.tenable.com/security/research/tra-2023-1"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0127"
},
{
"trust": 0.6,
"url": "https://us.dlink.com/en/consumer"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-0127/"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2023-0127"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-21664"
},
{
"db": "VULMON",
"id": "CVE-2023-0127"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-003599"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-774"
},
{
"db": "NVD",
"id": "CVE-2023-0127"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-21664"
},
{
"db": "VULMON",
"id": "CVE-2023-0127"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-003599"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-774"
},
{
"db": "NVD",
"id": "CVE-2023-0127"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-21664"
},
{
"date": "2023-02-11T00:00:00",
"db": "VULMON",
"id": "CVE-2023-0127"
},
{
"date": "2023-09-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-003599"
},
{
"date": "2023-02-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-774"
},
{
"date": "2023-02-11T18:15:11.327000",
"db": "NVD",
"id": "CVE-2023-0127"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-21664"
},
{
"date": "2023-02-12T00:00:00",
"db": "VULMON",
"id": "CVE-2023-0127"
},
{
"date": "2023-09-14T01:12:00",
"db": "JVNDB",
"id": "JVNDB-2023-003599"
},
{
"date": "2023-02-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-774"
},
{
"date": "2023-04-26T19:27:52.350000",
"db": "NVD",
"id": "CVE-2023-0127"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-774"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DWL-2600AP Command Injection Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-21664"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-774"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-774"
}
],
"trust": 0.6
}
}
var-202003-0962
Vulnerability from variot
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_restore configRestore or configServerip parameter. D-Link DWL-2600AP To OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. D-Link DWL-2600AP is a wireless access device.
D-Link DWL-2600AP Upgrade Firmware has a command injection vulnerability. An attacker could use the vulnerability to execute arbitrary operating system commands on the device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-0962",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dwl-2600ap",
"scope": "eq",
"trust": 1.4,
"vendor": "d link",
"version": "4.2.0.15"
},
{
"model": "d-link dwl-2600ap",
"scope": null,
"trust": 1.2,
"vendor": "d link",
"version": null
},
{
"model": "dwl-2600ap",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "4.2.0.15"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15982"
},
{
"db": "CNVD",
"id": "CNVD-2019-39412"
},
{
"db": "CNVD",
"id": "CNVD-2019-39413"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014769"
},
{
"db": "NVD",
"id": "CVE-2019-20499"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:d-link:dwl-2600ap_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014769"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Metasploit,Raki Ben Hamouda, Nick Starke",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-201"
}
],
"trust": 0.6
},
"cve": "CVE-2019-20499",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-20499",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2019-014769",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-15982",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-39412",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-39413",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-20499",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014769",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-20499",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-014769",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-15982",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-39412",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-39413",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-201",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-20499",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15982"
},
{
"db": "CNVD",
"id": "CNVD-2019-39412"
},
{
"db": "CNVD",
"id": "CNVD-2019-39413"
},
{
"db": "VULMON",
"id": "CVE-2019-20499"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014769"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-201"
},
{
"db": "NVD",
"id": "CVE-2019-20499"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_restore configRestore or configServerip parameter. D-Link DWL-2600AP To OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. D-Link DWL-2600AP is a wireless access device. \n\nD-Link DWL-2600AP Upgrade Firmware has a command injection vulnerability. An attacker could use the vulnerability to execute arbitrary operating system commands on the device",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-20499"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014769"
},
{
"db": "CNVD",
"id": "CNVD-2020-15982"
},
{
"db": "CNVD",
"id": "CNVD-2019-39412"
},
{
"db": "CNVD",
"id": "CNVD-2019-39413"
},
{
"db": "VULMON",
"id": "CVE-2019-20499"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-20499",
"trust": 3.1
},
{
"db": "EXPLOIT-DB",
"id": "46841",
"trust": 2.9
},
{
"db": "DLINK",
"id": "SAP10113",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "156952",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014769",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-15982",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "152771",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2019-39412",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "152770",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2019-39413",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "48274",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "46080",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202003-201",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-20499",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15982"
},
{
"db": "CNVD",
"id": "CNVD-2019-39412"
},
{
"db": "CNVD",
"id": "CNVD-2019-39413"
},
{
"db": "VULMON",
"id": "CVE-2019-20499"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014769"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-201"
},
{
"db": "NVD",
"id": "CVE-2019-20499"
}
]
},
"id": "VAR-202003-0962",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15982"
},
{
"db": "CNVD",
"id": "CNVD-2019-39412"
},
{
"db": "CNVD",
"id": "CNVD-2019-39413"
}
],
"trust": 2.6125
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 1.8
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15982"
},
{
"db": "CNVD",
"id": "CNVD-2019-39412"
},
{
"db": "CNVD",
"id": "CNVD-2019-39413"
}
]
},
"last_update_date": "2024-11-23T21:59:23.313000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DWL-2600AP (Rev. Ax : F/W 4.2.0.15 and Older) Multiple Command Injection Vulnerabilities in Web-GUI command Interface",
"trust": 0.8,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10113"
},
{
"title": "Patch for D-Link DWL-2600AP Operating System Command Injection Vulnerability (CNVD-2020-15982)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/207711"
},
{
"title": "D-Link DWL-2600AP Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111613"
},
{
"title": "Check Point Security Alerts: D-Link DWL-2600AP Command Injection (CVE-2019-20499; CVE-2019-20500; CVE-2019-20501)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=check_point_security_alerts\u0026qid=cb705a565cf62a748705a5f82bcc1936"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15982"
},
{
"db": "VULMON",
"id": "CVE-2019-20499"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014769"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-201"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014769"
},
{
"db": "NVD",
"id": "CVE-2019-20499"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "https://www.exploit-db.com/exploits/46841"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20499"
},
{
"trust": 1.7,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10113"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/156952/dlink-dwl-2600-authenticated-remote-command-injection.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20499"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152771/d-link-dwl-2600ap-upgrade-firmware-command-injection.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152770/d-link-dwl-2600ap-save-configuration-command-injection.html"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/46080"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/48274"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://advisories.checkpoint.com/defense/advisories/public/2023/cpai-2019-2938.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15982"
},
{
"db": "CNVD",
"id": "CNVD-2019-39412"
},
{
"db": "CNVD",
"id": "CNVD-2019-39413"
},
{
"db": "VULMON",
"id": "CVE-2019-20499"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014769"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-201"
},
{
"db": "NVD",
"id": "CVE-2019-20499"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-15982"
},
{
"db": "CNVD",
"id": "CNVD-2019-39412"
},
{
"db": "CNVD",
"id": "CNVD-2019-39413"
},
{
"db": "VULMON",
"id": "CVE-2019-20499"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014769"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-201"
},
{
"db": "NVD",
"id": "CVE-2019-20499"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-15982"
},
{
"date": "2019-11-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-39412"
},
{
"date": "2019-11-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-39413"
},
{
"date": "2020-03-05T00:00:00",
"db": "VULMON",
"id": "CVE-2019-20499"
},
{
"date": "2020-03-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014769"
},
{
"date": "2020-03-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-201"
},
{
"date": "2020-03-05T15:15:11.160000",
"db": "NVD",
"id": "CVE-2019-20499"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-15982"
},
{
"date": "2019-11-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-39412"
},
{
"date": "2019-11-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-39413"
},
{
"date": "2023-04-26T00:00:00",
"db": "VULMON",
"id": "CVE-2019-20499"
},
{
"date": "2020-03-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014769"
},
{
"date": "2020-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-201"
},
{
"date": "2024-11-21T04:38:37.483000",
"db": "NVD",
"id": "CVE-2019-20499"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-201"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DWL-2600AP In OS Command injection vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014769"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-201"
}
],
"trust": 0.6
}
}
Vulnerability from fkie_nvd
Published
2020-03-05 15:15
Modified
2025-03-14 20:50
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_save configBackup or downloadServerip parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10113 | Patch, Vendor Advisory | |
| cve@mitre.org | https://www.exploit-db.com/exploits/46841 | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10113 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/46841 | Exploit, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dwl-2600ap_firmware | * | |
| dlink | dwl-2600ap | - |
{
"cisaActionDue": "2023-07-20",
"cisaExploitAdd": "2023-06-29",
"cisaRequiredAction": "Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.",
"cisaVulnerabilityName": "D-Link DWL-2600AP Access Point Command Injection Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dwl-2600ap_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E865D3E-7154-4C09-9D6E-3437040744D7",
"versionEndIncluding": "4.2.0.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dwl-2600ap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDA498E6-6804-4469-9FCD-A09CB7A8B178",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_save configBackup or downloadServerip parameter."
},
{
"lang": "es",
"value": "Los dispositivos D-Link DWL-2600AP versi\u00f3n 4.2.0.15 Rev A, presentan una vulnerabilidad de inyecci\u00f3n de comandos del Sistema Operativo autenticado por medio de la funcionalidad Save Configuration en la interfaz web, utilizando metacaracteres de shell en el par\u00e1metro configBackup o downloadServerip de admin.cgi?action=config_save."
}
],
"id": "CVE-2019-20500",
"lastModified": "2025-03-14T20:50:11.400",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2020-03-05T15:15:11.253",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10113"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/46841"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/46841"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-02-11 18:15
Modified
2025-03-24 15:15
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A command injection vulnerability in the firmware_update command, in the device's restricted telnet interface, allows an authenticated attacker to execute arbitrary commands as root.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2023-1 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2023-1 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dwl-2600ap_firmware | 4.2.0.17 | |
| dlink | dwl-2600ap | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dwl-2600ap_firmware:4.2.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "63784219-A865-4D96-AE61-C70BA1EE9BB7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dwl-2600ap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDA498E6-6804-4469-9FCD-A09CB7A8B178",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability in the firmware_update command, in the device\u0027s restricted telnet interface, allows an authenticated attacker to execute arbitrary commands as root."
}
],
"id": "CVE-2023-0127",
"lastModified": "2025-03-24T15:15:14.803",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-02-11T18:15:11.327",
"references": [
{
"source": "vulnreport@tenable.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2023-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2023-1"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-03-05 15:15
Modified
2024-11-21 04:38
Severity ?
Summary
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Upgrade Firmware functionality in the Web interface, using shell metacharacters in the admin.cgi?action=upgrade firmwareRestore or firmwareServerip parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10113 | Patch, Vendor Advisory | |
| cve@mitre.org | https://www.exploit-db.com/exploits/46841 | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10113 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/46841 | Exploit, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dwl-2600ap_firmware | * | |
| dlink | dwl-2600ap | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dwl-2600ap_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E865D3E-7154-4C09-9D6E-3437040744D7",
"versionEndIncluding": "4.2.0.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dwl-2600ap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDA498E6-6804-4469-9FCD-A09CB7A8B178",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Upgrade Firmware functionality in the Web interface, using shell metacharacters in the admin.cgi?action=upgrade firmwareRestore or firmwareServerip parameter."
},
{
"lang": "es",
"value": "Los dispositivos D-Link DWL-2600AP versi\u00f3n 4.2.0.15 Rev A, presentan una vulnerabilidad de inyecci\u00f3n de comandos del Sistema Operativo autenticada por medio de la funcionalidad Upgrade Firmware en la interfaz web, utilizando metacaracteres de shell en el par\u00e1metro firmwareRestore o firmwareServerip de admin.cgi?action=upgrade."
}
],
"id": "CVE-2019-20501",
"lastModified": "2024-11-21T04:38:37.753",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-05T15:15:11.317",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10113"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/46841"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/46841"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-03-05 15:15
Modified
2024-11-21 04:38
Severity ?
Summary
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_restore configRestore or configServerip parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dwl-2600ap_firmware | * | |
| dlink | dwl-2600ap | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dwl-2600ap_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E865D3E-7154-4C09-9D6E-3437040744D7",
"versionEndIncluding": "4.2.0.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dwl-2600ap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDA498E6-6804-4469-9FCD-A09CB7A8B178",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_restore configRestore or configServerip parameter."
},
{
"lang": "es",
"value": "Los dispositivos D-Link DWL-2600AP versi\u00f3n 4.2.0.15 Rev A, presentan una vulnerabilidad de inyecci\u00f3n de comandos del Sistema Operativo autenticado por medio de la funcionalidad Restore Configuration en la interfaz web, utilizando metacaracteres de shell en el par\u00e1metro configRestore o configServerip de admin.cgi?action=config_restore."
}
],
"id": "CVE-2019-20499",
"lastModified": "2024-11-21T04:38:37.483",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-05T15:15:11.160",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/156952/DLINK-DWL-2600-Authenticated-Remote-Command-Injection.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10113"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/46841"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/156952/DLINK-DWL-2600-Authenticated-Remote-Command-Injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/46841"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2019-20500 (GCVE-0-2019-20500)
Vulnerability from cvelistv5
Published
2020-03-05 14:37
Modified
2025-07-30 01:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_save configBackup or downloadServerip parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10113 | x_refsource_MISC | |
| https://www.exploit-db.com/exploits/46841 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:46:08.486Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10113"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46841"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2019-20500",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T20:31:35.697043Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-06-29",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-20500"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T01:45:47.365Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2023-06-29T00:00:00+00:00",
"value": "CVE-2019-20500 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_save configBackup or downloadServerip parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-05T14:37:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10113"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/46841"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20500",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_save configBackup or downloadServerip parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10113",
"refsource": "MISC",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10113"
},
{
"name": "https://www.exploit-db.com/exploits/46841",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/46841"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20500",
"datePublished": "2020-03-05T14:37:00.000Z",
"dateReserved": "2020-03-05T00:00:00.000Z",
"dateUpdated": "2025-07-30T01:45:47.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0127 (GCVE-0-2023-0127)
Vulnerability from cvelistv5
Published
2023-02-11 00:00
Modified
2025-03-24 14:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Command Injection
Summary
A command injection vulnerability in the firmware_update command, in the device's restricted telnet interface, allows an authenticated attacker to execute arbitrary commands as root.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | D-Link DWL-2600AP with firmware v4.2.0.17 |
Version: DWL-2600AP with firmware version v.4.2.0.17 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:02:43.781Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2023-1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-0127",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-24T14:36:23.307382Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T14:37:35.483Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "D-Link DWL-2600AP with firmware v4.2.0.17",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "DWL-2600AP with firmware version v.4.2.0.17"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability in the firmware_update command, in the device\u0027s restricted telnet interface, allows an authenticated attacker to execute arbitrary commands as root."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-11T00:00:00.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"url": "https://www.tenable.com/security/research/tra-2023-1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2023-0127",
"datePublished": "2023-02-11T00:00:00.000Z",
"dateReserved": "2023-01-09T00:00:00.000Z",
"dateUpdated": "2025-03-24T14:37:35.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20501 (GCVE-0-2019-20501)
Vulnerability from cvelistv5
Published
2020-03-05 14:36
Modified
2024-08-05 02:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Upgrade Firmware functionality in the Web interface, using shell metacharacters in the admin.cgi?action=upgrade firmwareRestore or firmwareServerip parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10113 | x_refsource_MISC | |
| https://www.exploit-db.com/exploits/46841 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:46:08.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10113"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46841"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Upgrade Firmware functionality in the Web interface, using shell metacharacters in the admin.cgi?action=upgrade firmwareRestore or firmwareServerip parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-05T14:36:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10113"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/46841"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20501",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Upgrade Firmware functionality in the Web interface, using shell metacharacters in the admin.cgi?action=upgrade firmwareRestore or firmwareServerip parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10113",
"refsource": "MISC",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10113"
},
{
"name": "https://www.exploit-db.com/exploits/46841",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/46841"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20501",
"datePublished": "2020-03-05T14:36:08",
"dateReserved": "2020-03-05T00:00:00",
"dateUpdated": "2024-08-05T02:46:08.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20499 (GCVE-0-2019-20499)
Vulnerability from cvelistv5
Published
2020-03-05 14:37
Modified
2024-08-05 02:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_restore configRestore or configServerip parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10113 | x_refsource_MISC | |
| https://www.exploit-db.com/exploits/46841 | x_refsource_MISC | |
| http://packetstormsecurity.com/files/156952/DLINK-DWL-2600-Authenticated-Remote-Command-Injection.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:10.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10113"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46841"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156952/DLINK-DWL-2600-Authenticated-Remote-Command-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_restore configRestore or configServerip parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-28T16:06:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10113"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/46841"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156952/DLINK-DWL-2600-Authenticated-Remote-Command-Injection.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20499",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_restore configRestore or configServerip parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10113",
"refsource": "MISC",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10113"
},
{
"name": "https://www.exploit-db.com/exploits/46841",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/46841"
},
{
"name": "http://packetstormsecurity.com/files/156952/DLINK-DWL-2600-Authenticated-Remote-Command-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156952/DLINK-DWL-2600-Authenticated-Remote-Command-Injection.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20499",
"datePublished": "2020-03-05T14:37:27",
"dateReserved": "2020-03-05T00:00:00",
"dateUpdated": "2024-08-05T02:39:10.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}