KEVIntel
Back to KEVs
7.8
CVSS
High

CVE-2019-20500

PUBLISHED

D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configuration functionality in the...

Exploited in the wild Low complexity No user interaction
Vendor
D-Link
Product
DWL-2600AP
Published
Mar 05, 2020
EPSS

Description

D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_save configBackup or downloadServerip parameter.

cisa

CVSS scores

CVSS v3.1 7.8 High

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0 7.2

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitation status

Exploited in the wild

Recorded 2023-06-29 00:00:00 UTC · Source

SSVC decision points

Exploitation
active
Automatable
No
Technical impact
total

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CISA Jun 29, 2023

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel