← back
CVE-2019-20501

CVE-2019-20501

EPSS 90.5%
Vexday Risk Score
45Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Proof of concept
Public proof of concept exists, but not yet automated.
CVSS EPSS 90.5%KEV nãoPoC públicaNuclei Metasploit Patch
Lifecycle
05 Mar 2020Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Upgrade Firmware functionality in the Web interface, using shell metacharacters in the admin.cgi?action=upgrade firmwareRestore or firmwareServerip parameter.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.