CVE-2019-10891: OS Command Injection
First published: Fri Sep 06 2019(Updated: )
An issue was discovered in D-Link DIR-806 devices. There is a command injection in function hnap_main, which calls system() without checking the parameter that can be controlled by user, and finally allows remote attackers to execute arbitrary shell commands with a special HTTP header.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dlink Dir-806 Firmware | ||
| Dlink Dir-806 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2019-10891.
What is the severity of CVE-2019-10891?
The severity of CVE-2019-10891 is critical with a severity value of 9.8.
What is the affected software?
The affected software is D-Link DIR-806 devices with firmware version up to * and Dlink Dir-806 (hardware).
What is the impact of this vulnerability?
This vulnerability allows remote attackers to execute arbitrary shell commands with a special HTTP header.
Is there a fix available for CVE-2019-10891?
A fix for CVE-2019-10891 is not available at the moment. It is recommended to apply any security patches or updates provided by the vendor.
- collector/nvd-index
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/tags
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/dlink
- canonical/dlink dir-806 firmware
- canonical/dlink dir-806