CVE-2019-20500 - D-Link DWL-2600AP Access Point Command Injection Vulnerability

Project:D-Link

Product:DWL-2600AP Access Point

Date Added:2023-06-29Due Date:2023-07-20Last Updated:June 21, 2025

Vulnerability Name

D-Link DWL-2600AP Access Point Command Injection Vulnerability

Description

D-Link DWL-2600AP access point contains an authenticated command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_save configBackup or downloadServerip parameter.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.

Additional Notes

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10113

https://nvd.nist.gov/vuln/detail/CVE-2019-20500

Related Weaknesses