QwikSec

Security Database

CVE

CWE

Training

CVE-2019-20499

Published: Mar 5, 2020

Modified: Aug 5, 2024

PUBLISHED

Description

D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_restore configRestore or configServerip parameter.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10113

x_refsource_MISC

https://www.exploit-db.com/exploits/46841

x_refsource_MISC

http://packetstormsecurity.com/files/156952/DLINK-DWL-2600-Authenticated-Remote-Command-Injection.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.