D-Link DWL-2600AP Access Point Command Injection Vulnerability - 20230630006

Overview

The D-Link DWL-2600AP access point contains an authenticated command injection vulnerability in the Save Configuration functionality of its web interface, triggered by shell metacharacters in the configBackup or downloadServerip parameter of admin.cgi?action=config_save.
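
One way to hunt for attempts against the parameters named above, as an added example that is not part of the advisory or any vendor code. It assumes captured HTTP requests (for example from a reverse proxy or packet capture) are available as records with a source address, URL and form-encoded body; the record layout, function names and sample values are constructed, and because the advisory does not say whether the parameters travel in the query string or the body, both are checked.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters named in the advisory for CVE-2019-20500.
WATCHED_PARAMS = ("configBackup", "downloadServerip")
# Characters a POSIX shell treats specially; none belongs in a file name or IP address.
SHELL_META = re.compile(r"[;&|`$<>(){}\\'\"*?!#~\s]")

def suspicious_params(url, body=""):
    """Return {param: value} for watched parameters carrying shell metacharacters.

    Only requests to admin.cgi with action=config_save are considered.
    """
    parts = urlsplit(url)
    if not parts.path.endswith("admin.cgi"):
        return {}
    # parse_qsl percent-decodes, so an encoded %3B is inspected as ';'.
    fields = parse_qsl(parts.query, keep_blank_values=True)
    fields += parse_qsl(body, keep_blank_values=True)
    if ("action", "config_save") not in fields:
        return {}
    return {k: v for k, v in fields if k in WATCHED_PARAMS and SHELL_META.search(v)}

def scan(records):
    """Yield (source, findings) for each record with a suspicious parameter."""
    for rec in records:
        hits = suspicious_params(rec["url"], rec.get("body", ""))
        if hits:
            yield rec["src"], hits

# Constructed sample records (documentation addresses, placeholder values).
SAMPLE = [
    {"src": "198.51.100.7", "url": "/admin.cgi?action=config_save",
     "body": "configBackup=config.xml&downloadServerip=192.0.2.10"},
    {"src": "198.51.100.9", "url": "/admin.cgi?action=config_save",
     "body": "configBackup=config.xml&downloadServerip=192.0.2.10%3BPLACEHOLDER"},
    {"src": "198.51.100.9",
     "url": "/admin.cgi?action=config_save&configBackup=a%7CPLACEHOLDER", "body": ""},
    {"src": "198.51.100.3", "url": "/admin.cgi?action=status",
     "body": "downloadServerip=192.0.2.10%3BPLACEHOLDER"},
]

if __name__ == "__main__":
    for src, hits in scan(SAMPLE):
        print(src, hits)
```

Because the vulnerability is authenticated, a hit from an administrator's address is still worth reviewing alongside the login events that preceded it.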

What is the vulnerability?

CVE-2019-20500 - CVSS v3 Base Score: 7.8

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends applying updates per vendor instructions, or discontinuing use of the product if updates are unavailable.

Additional Reference