CVE-2019-17508

On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SERVER variable...

The vulnerability of D-Link DIR-850 router’s microprogramming software, related to errors during the loading of configuration files, allows a hacker to redirect users to any arbitrary URL address.

The vulnerability of D-Link DIR-850 router’s microprogramming software is related to errors during the loading of configuration files. Exploiting this vulnerability can allow a malicious actor to redirect users to any desired URL address...

PT-2022-2086 · D Link · D-Link Dir-850L

Name of the Vulnerable Software and Affected Versions: D-Link DIR-850 versions ET850-1.08TRb03 Description: The issue is related to insufficient access control in the router's firmware, which can be exploited by a remote attacker to redirect users to an arbitrary URL. This can potentially lead to...

CVE-2019-17508

On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SERVER variable...

Command injection

On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SERVER variable...

CVE-2019-17508

On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SERVER variable...

CVE-2019-17508

The CVE-2019-17508 entry covers command-injection on D-Link DIR-859 (A3-1.06) and DIR-850 (A1.13) devices via /etc/services/DEVICE.TIME.php, exploitable through the $SERVER variable. Multiple connected documents corroborate a remote-code-execution risk with high impact: CVSS v3.1 base score 9.8 (...