CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2019-16057

CVSS 9.8v3.1pub. 2019-09-16upd. 2025-11-06

The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Dlink Dns 320

    HW
    Dlink
    wszystkie wersje
  • Dlink Dns 320 Firmware

    OS
    Dlink
    ≤ 2.05.b10

CISA KEV — detailsi

Vendori
D-Link
Producti
DNS-320 Storage Device
Added to KEVi
April 15, 2022
Remediation deadline (US Federal)i
May 6, 2022(overdue)
Ransomwarei
Active ransomware campaigns exploit this vulnerability
Required action (CISA)i

The impacted product is end-of-life and should be disconnected if still in use.

CISA descriptioni

The login_mgr.cgi script in D-Link DNS-320 is vulnerable to remote code execution.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
☠️WYKORZYSTYWANE W RANSOMWARECISA DEADLINE: 6 maja 2022
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2024-3272CRITICAL9.8⚠ KEVPL ✓ten sam produkt

D-Link DNS-320L/325/327L/340L — zakodowane na stałe poświadczenia (hard-coded credentials)

CVE-2020-25506CRITICAL9.8⚠ KEVten sam produkt

D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which...

CVE-2024-10915CRITICAL9.2PL ✓ten sam produkt

Command injection w D-Link DNS-320/325/340L przez parametr group

CVE-2024-10914CRITICAL9.2PL ✓ten sam produkt

Command injection w D-Link DNS-320/325/340L — zdalne wykonanie poleceń OS

CVE-2024-3273HIGH7.3⚠ KEVten sam produkt

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320...