CVE-2019-20215

🗓️ 29 Jan 2020 02:23:26Reported by mitreType

cve🔗 web.nvd.nist.gov👁 166 Views🌐 WEB

D-Link DIR-859 devices permit remote command execution due to improper handling of HTTP_ST.

Reporter	Title	Published	Views	Family All 16
0day.today	D-Link Devices - Unauthenticated Remote Command Execution in ssdpcgi Exploit	10 Feb 202000:00	–	zdt
Gitee	Exploit for Deserialization of Untrusted Data in Redhat Jboss_Enterprise_Application_Platform	8 Dec 202020:38	–	gitee
Circl	CVE-2019-20215	29 May 201815:50	–	circl
CNVD	D-Link DIR-859 ssdpcgi() M-SEARCH arbitrary command execution vulnerability (CNVD-2020-13689)	4 Feb 202000:00	–	cnvd
Check Point Advisories	D-Link DIR-859 Remote Code Execution (CVE-2019-20215)	21 May 202000:00	–	checkpoint_advisories
Cvelist	CVE-2019-20215	29 Jan 202002:23	–	cvelist
Tenable Nessus	DLink DIR-859 1.05 & 1.06B01 Multiple Vulnerabilities (RCE)	22 Dec 202300:00	–	nessus
Exploit DB	D-Link Devices - Unauthenticated Remote Command Execution in ssdpcgi (Metasploit)	10 Feb 202000:00	–	exploitdb
Metasploit	D-Link Devices Unauthenticated Remote Command Execution in ssdpcgi	28 Jan 202019:15	–	metasploit
Metasploit	D-Link Unauthenticated Remote Command Execution using UPnP via a special crafted M-SEARCH packet.	11 Jul 201414:17	–	metasploit

NVD

Node

AND

Source	Link
medium	www.medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-rce-in-ssdpcgi-http-st-cve-2019-20215-en-2e799acb8a73
packetstormsecurity	www.packetstormsecurity.com/files/156250/D-Link-ssdpcgi-Unauthenticated-Remote-Command-Execution.html
supportannouncement	www.supportannouncement.us.dlink.com/announcement/publication.aspx

Parameter	Position	Path	Description	CWE
ST	header	/htdocs/cgibin	D-Link UPnP command injection via crafted M-SEARCH header in ssdpcgi (CVE-2019-20215).	CWE-78

21 Nov 2024 04:38Current

9.7High risk

Vulners AI Score9.7

CVSS 3.19.8

CVSS 210

EPSS0.90327