CVE-2019-17508

CWE-78OS Command Injection3 documents3 sources
Severity
9.8CRITICAL
EPSS
67.4%
top 1.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Dlink Dir-850l A FirmwareDlink Dir-859 A3 Firmware
Timeline
PublishedOct 11
Latest updateMay 24

Description

On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SERVER variable.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-6333-6p7v-pc93: On D-Link DIR-859 A3-12022-05-24
CVEList
CVE-2019-17508: On D-Link DIR-859 A3-12019-10-11
CVE-2019-17508 (CRITICAL CVSS 9.8) | On D-Link DIR-859 A3-1.06 and DIR-8 | cvebase.io