CVE-2019-17621

Warning

Exploit

EPSS 93.19%
Published 30.12.2019 17:15:19
Last modified 03.04.2025 20:05:08
Source cve@mitre.org
Teams watchlist Login
Open Login

The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.

Affected products Warnungen 1 Metrics 4 CWE 1 References 10

Data is provided by the National Vulnerability Database (NVD)

Dlink ≫ Dir-859 Firmware Version <= 1.05b03

Dlink ≫ Dir-859 Version-

Dlink ≫ Dir-859 Firmware Version1.06b01 Updatebeta1

Dlink ≫ Dir-859 Version-

Dlink ≫ Dir-822 Firmware Version <= 2.03b01

Dlink ≫ Dir-822 Version-

Dlink ≫ Dir-822 Firmware Version <= 3.12b04

Dlink ≫ Dir-822 Version-

Dlink ≫ Dir-823 Firmware Version <= 1.00b06

Dlink ≫ Dir-823 Version-

Dlink ≫ Dir-823 Firmware Version1.00b06 Updatebeta

Dlink ≫ Dir-823 Version-

Dlink ≫ Dir-865l Firmware Version <= 1.07b01

Dlink ≫ Dir-865l Version-

Dlink ≫ Dir-868l Firmware Version <= 1.12b04

Dlink ≫ Dir-868l Version-

Dlink ≫ Dir-868l Firmware Version <= 2.05b02

Dlink ≫ Dir-868l Version-

Dlink ≫ Dir-869 Firmware Version <= 1.03b02

Dlink ≫ Dir-869 Version-

Dlink ≫ Dir-869 Firmware Version1.03b02 Updatebeta02

Dlink ≫ Dir-869 Version-

Dlink ≫ Dir-880l Firmware Version <= 1.08b04

Dlink ≫ Dir-880l Version-

Dlink ≫ Dir-890l Firmware Version <= 1.11b01

Dlink ≫ Dir-890l Version-

Dlink ≫ Dir-890l Firmware Version1.11b01 Updatebeta01

Dlink ≫ Dir-890l Version-

Dlink ≫ Dir-890r Firmware Version <= 1.11b01

Dlink ≫ Dir-890r Version-

Dlink ≫ Dir-890r Firmware Version1.11b01 Updatebeta01

Dlink ≫ Dir-890r Version-

Dlink ≫ Dir-885l Firmware Version <= 1.12b05

Dlink ≫ Dir-885l Version-

Dlink ≫ Dir-885r Firmware Version <= 1.12b05

Dlink ≫ Dir-885r Version-

Dlink ≫ Dir-895l Firmware Version <= 1.12b10

Dlink ≫ Dir-895l Version-

Dlink ≫ Dir-895r Firmware Version <= 1.12b10

Dlink ≫ Dir-895r Version-

Dlink ≫ Dir-818lx Firmware Version-

Dlink ≫ Dir-818lx Version-

29.06.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog

D-Link DIR-859 Router Command Execution Vulnerability

Vulnerability

D-Link DIR-859 router contains a command execution vulnerability in the UPnP endpoint URL, /gena.cgi. Exploitation allows an unauthenticated remote attacker to execute system commands as root by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.

Description

Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	93.19%	0.998

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

https://www.dlink.com/en/security-bulletin

Vendor Advisory

https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf

Third Party Advisory

US Government Resource

http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html

Third Party Advisory

Exploit

VDB Entry

https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104

Third Party Advisory

Exploit