FortiGuardLabs researchers recently revealed that there are remote code execution vulnerabilities (CVE-2019-16920) in some models of D-Link routers. This vulnerability will affect the D-Link firmware in the DIR-655, DIR-866L, DIR-652, and DHP-1565 product families.
It is understood that the vulnerability allows an attacker to execute code remotely without authentication. A hacker can send a POST HTTP request through the Ping_Test gateway structure to obtain administrator credentials for the device or install a backdoor in the device.
The researcher said, “we implement the POST HTTP Request to ‘apply_sec.cgi’ with the action ping_test.” “We then perform the command injection in ping_ipaddr. Even if it returns the login page, the action ping_test is still performed – the value of ping_ipaddr will execute the “echo 1234″ command in the router server and then send the result back to our server.”
On September 22, the researchers reported this vulnerability to D-Link. However, the company said that because the affected products are close to the end of their useful life, the company will not release relevant security patches.