The vulnerability of the sub_16570 function in the /htdocs/ssdpcgi file of the D-Link DIR-880L router’s microprogramming system, related to the lack of data cleaning at the control level, allows a hacker to execute arbitrary commands.

The vulnerability of the sub16570 function in the /htdocs/ssdpcgi file of the D-Link DIR-880 router’s microprogramming system is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability could allow a remote attacker to execute arbitrary commands...

CVE-2025-4341

A vulnerability classified as critical was found in D-Link DIR-880L up to 104WWb01. Affected by this vulnerability is the function sub16570 of the file /htdocs/ssdpcgi of the component Request Header Handler. The manipulation of the argument HTTPST/REMOTEADDR/REMOTEPORT/SERVERID leads to command...

CVE-2024-22651

There is a command injection vulnerability in the ssdpcgimain function of cgibin binary in D-Link DIR-815 router firmware v1.04...

PT-2024-19522 · D Link · D-Link Dir-815

Name of the Vulnerable Software and Affected Versions: D-Link DIR-815 router firmware version 1.04 Description: There is a command injection issue in the ssdpcgi main function of the cgibin binary. This affects the D-Link DIR-815 router firmware. Recommendations: For D-Link DIR-815 router firmwar...

PT-2022-23773

Name of the Vulnerable Software and Affected Versions D-Link GO-RT-AC750 version GORTAC750 revA v101b03 D-Link GO-RT-AC750 version GO-RT-AC750 revB FWv200b02 Description The issue allows for Command Injection via cgibin and ssdpcgi main. Recommendations For version GORTAC750 revA v101b03, conside...

CVE-2022-35619

D-LINK DIR-818LW A1:DIR818LFW105b01 was discovered to contain a remote code execution RCE vulnerability via the function ssdpcgimain...

CVE-2022-35619

D-LINK DIR-818LW A1:DIR818LFW105b01 was discovered to contain a remote code execution RCE vulnerability via the function ssdpcgimain...

PT-2022-4530 · D Link · D-Link Dir-818Lw

Name of the Vulnerable Software and Affected Versions: D-LINK DIR-818LW version DIR818L FW105b01 Description: The issue is related to a remote code execution vulnerability via the ssdpcgi main function. This vulnerability is associated with coding errors in the firmware of D-LINK DIR-818LW router...

D-Link Devices - Unauthenticated Remote Command Execution in ssdpcgi Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'D-Link Devices Unauthenticated Remote Command Execution in ssdpcgi', 'Description' = %q D-Link Devices Unauthenticated Remote Command Execution i...

D-Link DIR-859 ssdpcgi() M-SEARCH Arbitrary Command Execution Vulnerability

The D-Link DIR-859 is a router device. A security vulnerability exists in the D-Link DIR-859 ssdpcgi M-SEARCH method handling, which can be exploited by remote attackers to submit a special request to execute arbitrary commands...

D-Link DIR-859 ssdpcgi() M-SEARCH arbitrary command execution vulnerability (CNVD-2020-13686)

The D-Link DIR-859 is a router device. A security vulnerability exists in the D-Link DIR-859 ssdpcgi M-SEARCH method of handling, which can be exploited by remote attackers to submit a special request to execute arbitrary commands...

D-Link DIR-859 ssdpcgi() M-SEARCH arbitrary command execution vulnerability (CNVD-2020-13689)

The D-Link DIR-859 is a router device. A security vulnerability exists in the D-Link DIR-859 ssdpcgi M-SEARCH method handling, which can be exploited by remote attackers to submit a special request to execute arbitrary commands...

CVE-2019-20217

D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi in /htdocs/cgibin, because SERVERID is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attack...

CVE-2019-20216

D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi in /htdocs/cgibin, because REMOTEPORT is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an...

CVE-2019-20217

D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi in /htdocs/cgibin, because SERVERID is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attack...

CVE-2019-20215

D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via a urn: to the M-SEARCH method in ssdpcgi in /htdocs/cgibin, because HTTPST is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker t...

Design/Logic Flaw

D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi in /htdocs/cgibin, because SERVERID is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attack...

Design/Logic Flaw

D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi in /htdocs/cgibin, because REMOTEPORT is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an...

Design/Logic Flaw

D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via a urn: to the M-SEARCH method in ssdpcgi in /htdocs/cgibin, because HTTPST is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker t...

CVE-2019-20216

D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi in /htdocs/cgibin, because REMOTEPORT is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an...