DLink DIR-859 1.05 & 1.06B01 Path Traversal

The version of DLink installed on the remote host is prior to 1.07b03. It is, therefore, affected by a path traversal vulnerability as referenced in the vendor advisory. - A vulnerability was found in D-Link DIR-859 1.06B01. It has been rated as critical. Affected by this issue is some unknown...

DLink DIR-859 < 1.07B03 Information Disclosure

The version of DLink installed on the remote host is prior to 1.07b03. It is, therefore, affected by an information disclosure vulnerability as referenced in the vendor advisory. A remote, unauthenticated attacker can explioit this exposure by sending a carefully crafted paypload with a...

Exploit for OS Command Injection in Dlink Dir-859_Firmware

IoT-vulhub 受 Vulhub 项目的启发，希望做一个 IoT 版的固件漏洞复现环境。 安装 在 Ubuntu 20.04 下安装 docker 和 docker-compose： sh 安装 pip $ curl -s https://bootstrap.pypa.io/get-pip.py | python3 安装最新版 docker $ curl -s https://get.docker.com/ | sh 启动 docker 服务 $ systemctl start docker 安装 docker-compose $ python3 -m pip install...

CVE-2019-20217

D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi in /htdocs/cgibin, because SERVERID is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attack...