CVE-2019-20217
CRITICAL
D-Link DIR-859 1.05 and 1.06B01 Beta01 - Unauthenticated OS Command Injection via M-SEARCH urn Parameter
Title source: llm
Description
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: value sent to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because SERVER_ID is mishandled. The value of the urn: service/device is checked only with the strstr function, a substring match, which allows an attacker to concatenate arbitrary commands separated by shell metacharacters.
References (3)
Core References
Patch, Vendor Advisory (x_refsource_confirm): https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147
Various Sources (x_refsource_misc): https://medium.com/%40s1kr10s/d-link-dir-859-rce-unauthenticated-cve-2019-20216-cve-2019-20217-en-6bca043500ae
Various Sources (x_refsource_misc): https://medium.com/%40s1kr10s/d-link-dir-859-rce-unauthenticated-cve-2019-20216-cve-2019-20217-es-e11ca6168d35
Scores
CVSS v3: 9.8
EPSS: 0.0579
EPSS Percentile: 90.6%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-78
Status: published
Products (2):
dlink/dir-859_firmware 1.05
dlink/dir-859_firmware 1.06b01 beta01
Published: Jan 29, 2020
Tracked Since: Feb 18, 2026