CVE-2019-17621
D-Link DIR-859 Router Command Execution Vulnerability
CVSS
—
No CVSS
EPSS
89.6%
p100
KEV
YES
Jun 29, 2023
Exploit Today
80
0-100
Published: — · Last modified: —
Product
D-Link / DIR-859 Router
Vulnerability
D-Link DIR-859 Router Command Execution Vulnerability
Added to KEV
Jun 29, 2023
Remediate by
Jul 20, 2023
Known ransomware use
No
Summary description
D-Link DIR-859 router contains a command execution vulnerability in the UPnP endpoint URL, /gena.cgi. Exploitation allows an unauthenticated remote attacker to execute system commands as root by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.
Required action
Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
Notes
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147; https://nvd.nist.gov/vuln/detail/CVE-2019-17621