CVE-2019-20216 — OS Command Injection in Dlink Dir-859 Firmware

CWE-78 — OS Command Injection3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

5.1%

top 10.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dlink Dir-859 Firmware

Timeline

PublishedJan 29

Latest updateMay 24

Description

D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because REMOTE_PORT is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker to concatenate arbitrary commands separated by shell metacharacters.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDdlink/dir-859_firmware1.05, 1.06b01+1

Patches

Patch: supportannouncement.us.dlink.com ↗Patch: supportannouncement.us.dlink.com ↗

🔴Vulnerability Details

GHSA

GHSA-v9mx-483f-5528: D-Link DIR-859 1↗2022-05-24

▶

CVEList

CVE-2019-20216: D-Link DIR-859 1↗2020-01-29

▶