CVE-2019-20500 — Actively Exploited: DWL-2600AP Access Point (D-Link)
D-Link DWL-2600AP access point contains an authenticated command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_save configBackup or downloadServerip parameter.
| CVE ID | CVE-2019-20500 |
|---|---|
| Vendor | D-Link |
| Product | DWL-2600AP Access Point |
| Vulnerability name | D-Link DWL-2600AP Access Point Command Injection Vulnerability |
| Date added | 2023-06-29 |
| Remediation due | 2023-07-20 |
| Known ransomware use | Unknown |
| Required action | Apply updates per vendor instructions or discontinue use of the product if updates are unavailable. |
| Description | D-Link DWL-2600AP access point contains an authenticated command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_save configBackup or downloadServerip parameter. |
| Source | CISA Known Exploited Vulnerabilities |
🔍 Search all exploited vulnerabilities →
$1499/mo
Try ExploitWatch →