logo

CVE-2019-20500 - D-Link DWL-2600AP Access Point Command Injection Vulnerability

D-Link | DWL-2600AP Access Point

  • Date Added:
  • 2023-06-29
  • Due Date:
  • 2023-07-20
Vulnerability Name

D-Link DWL-2600AP Access Point Command Injection Vulnerability

Description

D-Link DWL-2600AP access point contains an authenticated command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_save configBackup or downloadServerip parameter.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.

Additional Notes
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10113; https://nvd.nist.gov/vuln/detail/CVE-2019-20500

Free online web security scanner