CVE-2019-20500 - D-Link DWL-2600AP Access Point Command Injection Vulnerability
Project:D-Link
Product:DWL-2600AP Access Point
Date Added:2023-06-29Due Date:2023-07-20
Vulnerability Name
D-Link DWL-2600AP Access Point Command Injection Vulnerability
Description
D-Link DWL-2600AP access point contains an authenticated command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_save configBackup or downloadServerip parameter.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
Additional Notes
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10113
https://nvd.nist.gov/vuln/detail/CVE-2019-20500