⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: The impacted product is end-of-life and should be disconnected if still in use.. Due date: 2022-05-06.

CVE-2019-16057OS Command Injection in Dlink Dns-320 Firmware

CWE-78OS Command Injection7 documents7 sources
Severity
9.8CRITICALNVD
EPSS
94.0%
top 0.10%
CISA KEV
KEVRansomware
Added 2022-04-15
Due 2022-05-06
Exploit
Exploited in wild
Active exploitation observed
Affected products
1
Dlink Dns-320 Firmware
Timeline
PublishedSep 16
KEV addedApr 15
KEV dueMay 6
Latest updateMay 24
CISA Required Action: The impacted product is end-of-life and should be disconnected if still in use.

Description

The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

3
GHSA
GHSA-q867-77vc-2rp5: The login_mgr2022-05-24
CVEList
CVE-2019-16057: The login_mgr2019-09-16
VulnCheck
D-Link DNS-320 Remote Code Execution Vulnerability2019

💥Exploits & PoCs

1
Nuclei
D-Link DNS-320 - Remote Code Execution

🔍Detection Rules

1
Suricata
ET EXPLOIT DLink DNS 320 Remote Code Execution (CVE-2019-16057)2019-09-18

📋Vendor Advisories

1
CISA
D-Link DNS-320 Remote Code Execution Vulnerability2022-04-15
CVE-2019-16057 — OS Command Injection in Dlink | cvebase