First published: Fri Oct 11 2019
On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SERVER variable.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Dlink Dir-859 A3 Firmware | =1.06 | |
Dlink Dir-859 A3 | | |
Dlink Dir-850l A Firmware | =1.13 | |
Dlink Dir-850l A | | |
CVE-2019-17508 is a vulnerability found in D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices that allows command injection via the $SERVER variable.
D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices are affected by CVE-2019-17508.
Yes, Dlink Dir-859 A3 Firmware version 1.06 is vulnerable to CVE-2019-17508.
Yes, Dlink Dir-850l A Firmware version 1.13 is vulnerable to CVE-2019-17508.
CVE-2019-17508 has a severity rating of 9.8 (critical).
To fix CVE-2019-17508, it is recommended to apply the latest firmware update provided by D-Link for the affected devices.
You can find more information about CVE-2019-17508 at the following reference: https://github.com/dahua966/Routers-vuls/tree/master/DIR-859