Dir-859 Firmware Security Vulnerabilities and Issues — Dir-859 Firmware CVE List

Lucene search

DlinkDir-859 Firmware

8 matches found

CVE•added 2019/12/30 5:15 p.m.•442 views

CVE-2019-17621

The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.

10CVSS9.3AI score0.93194EPSS

CVE•added 2020/01/29 3:15 a.m.•159 views

CVE-2019-20215

D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via a urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because HTTP_ST is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker ...

10CVSS9.7AI score0.90327EPSS

CVE•added 2020/01/02 2:16 p.m.•102 views

CVE-2019-20213

D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.

7.5CVSS7.3AI score0.00841EPSS

CVE•added 2020/01/29 3:15 a.m.•93 views

CVE-2019-20216

D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because REMOTE_PORT is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an att...

10CVSS9.8AI score0.05128EPSS

CVE•added 2022/03/04 8:15 p.m.•92 views

CVE-2022-25106

D-Link DIR-859 v1.05 was discovered to contain a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.

7.1CVSS5.6AI score0.00137EPSS

CVE•added 2020/01/29 3:15 a.m.•82 views

CVE-2019-20217

D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because SERVER_ID is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attac...

10CVSS9.8AI score0.05786EPSS

CVE•added 2024/01/21 8:15 a.m.•72 views

CVE-2024-0769

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-859 1.06B01. It has been rated as critical. Affected by this issue is some unknown functionality of the file /hedwig.cgi of the component HTTP POST Request Handler. The manipulation of the argument service with the input ../../...

9.8CVSS9.4AI score0.72233EPSS

CVE•added 2023/07/31 2:15 p.m.•50 views

CVE-2023-36092

Authentication Bypass vulnerability in D-Link DIR-859 FW105b03 allows remote attackers to gain escalated privileges via via phpcgi_main. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

9.8CVSS9.6AI score0.00394EPSS