In September 2019, Fortinet researchers disclosed that several D-Link routers contain a serious vulnerability, CVE-2019-16920, that can lead to remote code execution. The flaw is rated 9.8 (Critical) on the CVSS v3.1 scale and 10.0 on the CVSS v2.0 scale.
According to the researchers, the problem affects the firmware of the DIR-655, DIR-866L, DIR-652 and DHP-1565 models and allows unauthenticated command injection. The root cause is a broken authentication check: when a request arrives with invalid credentials, the router evaluates the login but goes on to execute the requested action regardless of the result, so an attacker does not need a valid account at all. As a result, a single crafted HTTP POST request to the router's PingTest function, with a shell command injected into the address the device is asked to ping, is enough to run commands on the router and, from there, either obtain the administrator credentials or install a backdoor.
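The two defects the article describes, an authentication result that is computed but never enforced and a ping target spliced straight into a shell command, are shown below side by side with a hardened version. This is an added, hypothetical example of the bug class written for this page; it is not D-Link's firmware code, and the function names, return codes and the `session_valid` flag are assumptions. The vulnerable variant returns the command line that would reach `system()`; the hardened one refuses unauthenticated callers, accepts only a dotted-quad IPv4 literal and builds an `argv` for `execvp()` so no shell ever parses the input.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <stdlib.h>

/* Vulnerable shape (hypothetical, not D-Link's code): the session check is
 * evaluated but never used to stop the request, and the attacker-controlled
 * host string is dropped into a shell command line. Returns 0 and fills cmd
 * with the exact string that a caller would pass to system(). */
int ping_test_vulnerable(int session_valid, const char *host,
                         char *cmd, size_t cmdlen)
{
    int auth_ok = session_valid;   /* computed... */
    (void)auth_ok;                 /* ...and ignored: execution proceeds anyway */
    snprintf(cmd, cmdlen, "ping -c 1 %s", host);
    return 0;
}

/* Strict dotted-quad IPv4 check: exactly four decimal octets 0-255 and nothing
 * else. Anything outside this grammar, including ';', '|', '`' and '$', is
 * rejected, which removes every shell metacharacter before it can matter. */
int is_ipv4_literal(const char *s)
{
    int octets = 0;
    while (*s) {
        if (!isdigit((unsigned char)*s)) return 0;
        long v = 0;
        int digits = 0;
        while (isdigit((unsigned char)*s)) {
            v = v * 10 + (*s - '0');
            if (++digits > 3) return 0;
            s++;
        }
        if (v > 255) return 0;
        octets++;
        if (*s == '.') {
            s++;
            if (!*s) return 0;     /* trailing dot */
        } else if (*s) {
            return 0;              /* any non-digit, non-dot character */
        }
    }
    return octets == 4;
}

/* Hardened shape: refuse without a valid session, refuse anything that is not
 * an IPv4 literal, and hand the host to ping as a separate argv element so the
 * shell is never involved. Returns 0 on success and fills argv for execvp().
 * -1: not authenticated (send 401/403); -2: bad host (send 400); -3: argv too small. */
int ping_test_hardened(int session_valid, const char *host,
                       const char *argv[], size_t argc_max)
{
    if (!session_valid) return -1;
    if (!is_ipv4_literal(host)) return -2;
    if (argc_max < 5) return -3;
    argv[0] = "ping";
    argv[1] = "-c";
    argv[2] = "1";
    argv[3] = host;
    argv[4] = NULL;
    return 0;   /* caller: fork(), then execvp(argv[0], (char *const *)argv) */
}

int main(void)
{
    /* Constructed sample input: an unauthenticated request with an injected command. */
    const char *host = "8.8.8.8; cat /etc/passwd";
    char cmd[128];
    const char *argv[5];

    ping_test_vulnerable(0, host, cmd, sizeof cmd);
    printf("vulnerable handler would run: %s\n", cmd);

    int rc = ping_test_hardened(0, host, argv, 5);
    printf("hardened handler, no session: rc=%d\n", rc);
    rc = ping_test_hardened(1, host, argv, 5);
    printf("hardened handler, bad host:   rc=%d\n", rc);
    rc = ping_test_hardened(1, "8.8.8.8", argv, 5);
    printf("hardened handler, valid:      rc=%d argv[3]=%s\n", rc, argv[3]);
    return 0;
}
```

Both checks are needed: the session test alone would still leave an authenticated admin able to run arbitrary commands through the ping page, and the input check alone would still let anyone on the network ping through the router; together with `execvp()` instead of `system()`, neither a missing login nor a crafted address reaches a shell.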
The researchers reported the problem to D-Link at the end of September. Although the company acknowledged the vulnerability almost immediately, it stated three days later that no fix would be released, because support for the affected products had long since ended. Users of these routers are therefore advised to replace them with supported devices and, until then, to keep the router's web management interface unreachable from the internet, since the vulnerable PingTest handler is part of that interface.