CVE-2019-17621 - D-Link DIR-859 Router Command Execution Vulnerability
CVE-2019-17621
D-Link | DIR-859 Router
- Date Added:
- 2023-06-29
- Due Date:
- 2023-07-20
- Vulnerability Name
D-Link DIR-859 Router Command Execution Vulnerability
- Description
D-Link DIR-859 router contains a command execution vulnerability in the UPnP endpoint URL, /gena.cgi. Exploitation allows an unauthenticated remote attacker to execute system commands as root by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.
- Known To Be Used in Ransomware Campaigns?
Unknown
- Action
Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
- Additional Notes
- https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147; https://nvd.nist.gov/vuln/detail/CVE-2019-17621
Free security scan for your website