4 matches found
CVE-2019-20216
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi in /htdocs/cgibin, because REMOTEPORT is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an...
DLink DIR-859 1.05 & 1.06B01 Multiple Vulnerabilities (RCE)
The version of DLink installed on the remote host is prior to 1.07b03. It is, therefore, affected by multiple remote code execution vulnerabilities as referenced in the vendor advisory. - The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an...
CVE-2019-20216
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi in /htdocs/cgibin, because REMOTEPORT is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an...
CVE-2019-20216
CVE-2019-20216 affects D-Link DIR-859 routers (versions 1.05 and 1.06B01 Beta01). The flaw resides in ssdpcgi() handling of M-SEARCH requests and is triggered by the urn: to the M-SEARCH path, with REMOTE_PORT mishandled. The urn: service/device value is checked with strstr, enabling an attacker ...