Cyber Resilience

CVE-2019-16057

Critical · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC · Ransomware-linked · RCE

Published: 16 September 2019
Modified: 06 November 2025
KEV Added: 15 April 2022
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.9405 (99.9th percentile)
Risk Priority: 96 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2019-16057 is a critical-severity OS Command Injection (CWE-78) vulnerability in D-Link DNS-320 firmware. Its CVSS base score is 9.8 (Critical).

Operationally, it is ranked in the top 0.1% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

The vulnerability CVE-2019-16057 is an OS command injection flaw (CWE-78) in the login_mgr.cgi script of D-Link DNS-320 network-attached storage devices running firmware versions through 2.05.B10. It received a CVSS 3.1 base score of 9.8, driven by network attack vector, low complexity, and no requirements for authentication or user interaction.

Remote attackers can supply crafted input to the script to execute arbitrary operating-system commands on the device. This grants full read, write, and control capabilities, resulting in complete compromise of confidentiality, integrity, and availability.

The issue is listed in CISA's Known Exploited Vulnerabilities catalog, confirming observed real-world exploitation. Public references include detailed technical write-ups of the remote-code-execution path and an FTC enforcement action against D-Link that references the affected product line.

Vulnerability details

The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection.

CWE(s): CWE-78
KEV Date Added: 15 April 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

dlink dns-320 firmware ≤ 2.05.b10

Mitigating Controls (NIST 800-53 r5)

prevent: Directly requires validation of inputs to login_mgr.cgi, blocking the crafted OS command payloads that enable unauthenticated RCE.

prevent: Enforces authentication and authorization checks before any script execution, eliminating the no-authentication path used by the vulnerability.

prevent: Restricts network access to the device's web interface, limiting exposure of the vulnerable login_mgr.cgi endpoint from untrusted sources.
