Exploited
CWE
78
Advisory Published
Updated

CVE-2019-17621: D-Link DIR-859 Router Command Execution Vulnerability

First published: Mon Dec 30 2019(Updated: )

The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.

Credit: cve@mitre.org cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Dlink Dir-859 Firmware<=1.05b03
Dlink Dir-859 Firmware=1.06b01-beta1
Dlink Dir-859
Dlink Dir-822 Firmware<=2.03b01
Dlink Dir-822
Dlink Dir-822 Firmware<=3.12b04
Dlink Dir-823 Firmware<=1.00b06
Dlink Dir-823 Firmware=1.00b06-beta
Dlink Dir-823
Dlink Dir-865l Firmware<=1.07b01
Dlink Dir-865l
Dlink Dir-868l Firmware<=1.12b04
Dlink Dir-868l
Dlink Dir-868l Firmware<=2.05b02
Dlink Dir-869 Firmware<=1.03b02
Dlink Dir-869 Firmware=1.03b02-beta02
Dlink Dir-869
Dlink Dir-880l Firmware<=1.08b04
Dlink Dir-880l
Dlink Dir-890l Firmware<=1.11b01
Dlink Dir-890l Firmware=1.11b01-beta01
Dlink Dir-890l
Dlink Dir-890r Firmware<=1.11b01
Dlink Dir-890r Firmware=1.11b01-beta01
Dlink Dir-890r
Dlink Dir-885l Firmware<=1.12b05
Dlink Dir-885l
Dlink Dir-885r Firmware<=1.12b05
Dlink Dir-885r
Dlink Dir-895l Firmware<=1.12b10
Dlink Dir-895l
Dlink Dir-895r Firmware<=1.12b10
Dlink Dir-895r
Dlink Dir-818lx Firmware
Dlink Dir-818lx
All of
Any of
Dlink Dir-859 Firmware<=1.05b03
Dlink Dir-859 Firmware=1.06b01-beta1
Dlink Dir-859
All of
Dlink Dir-822 Firmware<=2.03b01
Dlink Dir-822
All of
Dlink Dir-822 Firmware<=3.12b04
Dlink Dir-822
All of
Any of
Dlink Dir-823 Firmware<=1.00b06
Dlink Dir-823 Firmware=1.00b06-beta
Dlink Dir-823
All of
Dlink Dir-865l Firmware<=1.07b01
Dlink Dir-865l
All of
Dlink Dir-868l Firmware<=1.12b04
Dlink Dir-868l
All of
Dlink Dir-868l Firmware<=2.05b02
Dlink Dir-868l
All of
Any of
Dlink Dir-869 Firmware<=1.03b02
Dlink Dir-869 Firmware=1.03b02-beta02
Dlink Dir-869
All of
Dlink Dir-880l Firmware<=1.08b04
Dlink Dir-880l
All of
Any of
Dlink Dir-890l Firmware<=1.11b01
Dlink Dir-890l Firmware=1.11b01-beta01
Dlink Dir-890l
All of
Any of
Dlink Dir-890r Firmware<=1.11b01
Dlink Dir-890r Firmware=1.11b01-beta01
Dlink Dir-890r
All of
Dlink Dir-885l Firmware<=1.12b05
Dlink Dir-885l
All of
Dlink Dir-885r Firmware<=1.12b05
Dlink Dir-885r
All of
Dlink Dir-895l Firmware<=1.12b10
Dlink Dir-895l
All of
Dlink Dir-895r Firmware<=1.12b10
Dlink Dir-895r
All of
Dlink Dir-818lx Firmware
Dlink Dir-818lx
D-Link DIR-859 router
All of
Any of
<=1.05b03
=1.06b01-beta1
All of
<=2.03b01
All of
<=3.12b04
All of
Any of
<=1.00b06
=1.00b06-beta
All of
<=1.07b01
All of
<=1.12b04
All of
<=2.05b02
All of
Any of
<=1.03b02
=1.03b02-beta02
All of
<=1.08b04
All of
Any of
<=1.11b01
=1.11b01-beta01
All of
Any of
<=1.11b01
=1.11b01-beta01
All of
<=1.12b05
All of
<=1.12b05
All of
<=1.12b10
All of
<=1.12b10
All of

Remedy

Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is CVE-2019-17621?

    CVE-2019-17621 is a command execution vulnerability in the D-Link DIR-859 Router.

  • What is the severity of CVE-2019-17621?

    CVE-2019-17621 has a severity rating of 9.8, which is considered critical.

  • How does the CVE-2019-17621 vulnerability affect D-Link DIR-859 Router?

    The CVE-2019-17621 vulnerability allows an unauthenticated remote attacker to execute system commands as root on the D-Link DIR-859 Router.

  • Is D-Link DIR-859 Router the only affected software?

    No, other versions of the D-Link firmware may also be affected by the CVE-2019-17621 vulnerability.

  • How can I fix the CVE-2019-17621 vulnerability?

    To fix the CVE-2019-17621 vulnerability, you should update your D-Link DIR-859 Router firmware to the latest version available.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203