An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet.
References
| Link | Resource |
|---|---|
| https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/ | Exploit Third Party Advisory |
| https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
08 Nov 2023, 22:49
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:o:d-link:dir-816l_firmware:2.06.b09:beta:*:*:*:*:*:* |
cpe:2.3:o:dlink:dir-816l_firmware:2.06.b09:beta:*:*:*:*:*:* cpe:2.3:o:dlink:dir-816l_firmware:2.06:*:*:*:*:*:*:* |
| First Time |
Dlink dir-816l Firmware
|
26 Apr 2023, 18:55
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:h:dlink:dir-816l:b1:*:*:*:*:*:*:* | |
| First Time |
Dlink dir-816l
Dlink |
Information
Published : 2020-07-22 19:15
Updated : 2023-12-10 13:27
NVD link : CVE-2020-15893
Mitre link : CVE-2020-15893
CVE.ORG link : CVE-2020-15893
JSON object : View
Products Affected
dlink
- dir-816l
- dir-816l_firmware
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')