CVE-2020-15893
published 2020-07-22CVE-2020-15893: An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dlink | dir-816l_firmware | — | — |
| dlink | dir-816l_firmware | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck9.8CRITICAL