CVE-2019-17621 - D-Link DIR-859 Router Command Execution Vulnerability
Project:D-Link
Product:DIR-859 Router
Date Added:2023-06-29Due Date:2023-07-20
Vulnerability Name
D-Link DIR-859 Router Command Execution Vulnerability
Description
D-Link DIR-859 router contains a command execution vulnerability in the UPnP endpoint URL, /gena.cgi. Exploitation allows an unauthenticated remote attacker to execute system commands as root by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
Additional Notes
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147
https://nvd.nist.gov/vuln/detail/CVE-2019-17621