D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because REMOTE_PORT is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker to concatenate arbitrary commands separated by shell metacharacters.
References
Link | Resource |
---|---|
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147 | Patch Vendor Advisory |
https://medium.com/@s1kr10s/d-link-dir-859-rce-unauthenticated-cve-2019-20216-cve-2019-20217-es-e11ca6168d35 | Exploit Third Party Advisory |
https://medium.com/@s1kr10s/d-link-dir-859-rce-unauthenticated-cve-2019-20216-cve-2019-20217-en-6bca043500ae | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2020-01-28 19:15
Updated : 2020-01-31 06:41
NVD link : CVE-2019-20216
Mitre link : CVE-2019-20216
JSON object : View
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Products Affected
dlink
- dir-859
- dir-859_firmware