CVE-2019-17621
D-Link DIR-859 Router Command Execution Vulnerability
CVSS
—
Sin CVSS
EPSS
89.6%
p100
KEV
SÍ
29 jun 2023
Exploit Today
80
0-100
Publicado: — · Última mod.: —
Producto
D-Link / DIR-859 Router
Vulnerabilidad
D-Link DIR-859 Router Command Execution Vulnerability
Añadido a KEV
29 jun 2023
Remediar antes de
20 jul 2023
Uso conocido en ransomware
No
Descripción resumida
D-Link DIR-859 router contains a command execution vulnerability in the UPnP endpoint URL, /gena.cgi. Exploitation allows an unauthenticated remote attacker to execute system commands as root by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.
Acción requerida
Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
Notas
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147; https://nvd.nist.gov/vuln/detail/CVE-2019-17621