CVEDB API

The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.94

EPSS Ranking 99.9%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 10.0

Proposed Action

The login_mgr.cgi script in D-Link DNS-320 is vulnerable to remote code execution.

Ransomware Campaign

Known

References

Products affected by CVE-2019-16057

Dlink » Dns-320 » Version: N/A

cpe:2.3:h:dlink:dns-320:-
Dlink » Dns-320 Firmware » Version: N/A

cpe:2.3:o:dlink:dns-320_firmware:-
Dlink » Dns-320 Firmware » Version: 2.00

cpe:2.3:o:dlink:dns-320_firmware:2.00
Dlink » Dns-320 Firmware » Version: 2.02

cpe:2.3:o:dlink:dns-320_firmware:2.02
Dlink » Dns-320 Firmware » Version: 2.02b01

cpe:2.3:o:dlink:dns-320_firmware:2.02b01
Dlink » Dns-320 Firmware » Version: 2.03

cpe:2.3:o:dlink:dns-320_firmware:2.03
Dlink » Dns-320 Firmware » Version: 2.05

cpe:2.3:o:dlink:dns-320_firmware:2.05
Dlink » Dns-320 Firmware » Version: 2.05.b10

cpe:2.3:o:dlink:dns-320_firmware:2.05.b10