| Description |
|---|
|
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because REMOTE_PORT is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker to concatenate arbitrary commands separated by shell metacharacters. Impacted versions: - Base Score: 0.0, Severity: NA, ID: CVE-2019-20216, Last Modified: 2020-01-29T03:15:00Z References AdvisoryModemly Security Checklist D-Link-DIR-859-router-setup |
|
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because SERVER_ID is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker to concatenate arbitrary commands separated by shell metacharacters. Impacted versions: - Base Score: 0.0, Severity: NA, ID: CVE-2019-20217, Last Modified: 2020-01-29T03:15:00Z References AdvisoryModemly Security Checklist D-Link-DIR-859-router-setup |
|
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via a urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because HTTP_ST is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker to concatenate arbitrary commands separated by shell metacharacters. Impacted versions: - Base Score: 0.0, Severity: NA, ID: CVE-2019-20215, Last Modified: 2020-01-29T03:15:00Z References AdvisoryModemly Security Checklist D-Link-DIR-859-router-setup |
|
D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php. Impacted versions: - Base Score: 0.0, Severity: NA, ID: CVE-2019-20213, Last Modified: 2020-01-02T14:40:00Z References AdvisoryModemly Security Checklist D-Link-DIR-859-router-setup |
|
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network. Impacted versions: - Base Score: 0.0, Severity: NA, ID: CVE-2019-17621, Last Modified: 2019-12-30T18:12:00Z References AdvisoryModemly Security Checklist D-Link-DIR-859-router-setup |
USAGE: Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.
