Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-20501

CWE-78OS Command Injection5 documents5 sources
Severity
7.8HIGH
EPSS
13.0%
top 5.93%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Dlink Dwl-2600ap Firmware
Timeline
PublishedMar 5
Latest updateNov 7

Description

D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Upgrade Firmware functionality in the Web interface, using shell metacharacters in the admin.cgi?action=upgrade firmwareRestore or firmwareServerip parameter.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

Patches

Patch: supportannouncement.us.dlink.comPatch: supportannouncement.us.dlink.com

🔴Vulnerability Details

2
GHSA
GHSA-q56w-5m9j-r836: D-Link DWL-2600AP 42022-05-24
CVEList
CVE-2019-20501: D-Link DWL-2600AP 42020-03-05

💥Exploits & PoCs

1
Exploit-DB
D-Link DWL-2600AP - Multiple OS Command Injection2019-05-14

🔍Detection Rules

1
Suricata
ET WEB_SPECIFIC_APPS D-Link DWL-2600AP Command Injection Attempt (CVE-2019-20499, CVE-2019-20500, CVE-2019-20501)2024-11-07
CVE-2019-20501 (HIGH CVSS 7.8) | D-Link DWL-2600AP 4.2.0.15 Rev A de | cvebase.io