Lucene search

Dir-655 Firmware Security Vulnerabilities

cve

CVE-2019-13560

D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to force a blank password via the apply_sec.cgi setup_wizard parameter.

9.8CVSS

9.5AI Score

0.009EPSS

2019-07-11 03:15 PM

cve

CVE-2019-13561

D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to execute arbitrary commands via shell metacharacters in the online_firmware_check.cgi check_fw_url parameter.

9.8CVSS

9.8AI Score

0.007EPSS

2019-07-11 03:15 PM

cve

CVE-2019-13562

D-Link DIR-655 C devices before 3.02B05 BETA03 allow XSS, as demonstrated by the /www/ping_response.cgi ping_ipaddr parameter, the /www/ping6_response.cgi ping6_ipaddr parameter, and the /www/apply_sec.cgi html_response_return_page parameter.

6.1CVSS

6.9AI Score

0.001EPSS

2019-07-11 03:15 PM

cve

CVE-2019-13563

D-Link DIR-655 C devices before 3.02B05 BETA03 allow CSRF for the entire management console.

8.8CVSS

9.1AI Score

0.003EPSS

2019-07-11 03:15 PM

cve

CVE-2019-16920

Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers t...

9.8CVSS

9.8AI Score

0.97EPSS

2019-09-27 12:15 PM

943

In Wild