Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Dlink Subscribe
Filtered by product Dir-859
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-17621 1 Dlink 28 Dir-818lx, Dir-818lx Firmware, Dir-822 and 25 more 2023-01-20 10.0 HIGH 9.8 CRITICAL
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.
CVE-2022-25106 1 Dlink 4 Dir-859, Dir-859 A3, Dir-859 A3 Firmware and 1 more 2022-03-11 7.1 HIGH 5.5 MEDIUM
D-Link DIR-859 v1.05 was discovered to contain a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.
CVE-2019-20213 1 Dlink 28 Dir-818lx, Dir-818lx Firmware, Dir-822 and 25 more 2021-07-21 5.0 MEDIUM 7.5 HIGH
D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.
CVE-2019-20215 1 Dlink 2 Dir-859, Dir-859 Firmware 2020-02-07 10.0 HIGH 9.8 CRITICAL
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via a urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because HTTP_ST is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker to concatenate arbitrary commands separated by shell metacharacters.
CVE-2019-20217 1 Dlink 2 Dir-859, Dir-859 Firmware 2020-01-31 10.0 HIGH 9.8 CRITICAL
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because SERVER_ID is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker to concatenate arbitrary commands separated by shell metacharacters.
CVE-2019-20216 1 Dlink 2 Dir-859, Dir-859 Firmware 2020-01-31 10.0 HIGH 9.8 CRITICAL
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because REMOTE_PORT is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker to concatenate arbitrary commands separated by shell metacharacters.