D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because REMOTE_PORT is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker to concatenate arbitrary commands separated by shell metacharacters.
CPE | Name | Operator | Version |
---|---|---|---|
dir-859_firmware | eq | 1.05 | |
dir-859_firmware | eq | 1.6b1 beta1 |