First published: Mon Dec 30 2019(Updated: )
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Dlink Dir-859 Firmware | <=1.05b03 | |
Dlink Dir-859 Firmware | =1.06b01-beta1 | |
Dlink Dir-859 | ||
Dlink Dir-822 Firmware | <=2.03b01 | |
Dlink Dir-822 | ||
Dlink Dir-822 Firmware | <=3.12b04 | |
Dlink Dir-823 Firmware | <=1.00b06 | |
Dlink Dir-823 Firmware | =1.00b06-beta | |
Dlink Dir-823 | ||
Dlink Dir-865l Firmware | <=1.07b01 | |
Dlink Dir-865l | ||
Dlink Dir-868l Firmware | <=1.12b04 | |
Dlink Dir-868l | ||
Dlink Dir-868l Firmware | <=2.05b02 | |
Dlink Dir-869 Firmware | <=1.03b02 | |
Dlink Dir-869 Firmware | =1.03b02-beta02 | |
Dlink Dir-869 | ||
Dlink Dir-880l Firmware | <=1.08b04 | |
Dlink Dir-880l | ||
Dlink Dir-890l Firmware | <=1.11b01 | |
Dlink Dir-890l Firmware | =1.11b01-beta01 | |
Dlink Dir-890l | ||
Dlink Dir-890r Firmware | <=1.11b01 | |
Dlink Dir-890r Firmware | =1.11b01-beta01 | |
Dlink Dir-890r | ||
Dlink Dir-885l Firmware | <=1.12b05 | |
Dlink Dir-885l | ||
Dlink Dir-885r Firmware | <=1.12b05 | |
Dlink Dir-885r | ||
Dlink Dir-895l Firmware | <=1.12b10 | |
Dlink Dir-895l | ||
Dlink Dir-895r Firmware | <=1.12b10 | |
Dlink Dir-895r | ||
Dlink Dir-818lx Firmware | ||
Dlink Dir-818lx | ||
All of | ||
Any of | ||
Dlink Dir-859 Firmware | <=1.05b03 | |
Dlink Dir-859 Firmware | =1.06b01-beta1 | |
Dlink Dir-859 | ||
All of | ||
Dlink Dir-822 Firmware | <=2.03b01 | |
Dlink Dir-822 | ||
All of | ||
Dlink Dir-822 Firmware | <=3.12b04 | |
Dlink Dir-822 | ||
All of | ||
Any of | ||
Dlink Dir-823 Firmware | <=1.00b06 | |
Dlink Dir-823 Firmware | =1.00b06-beta | |
Dlink Dir-823 | ||
All of | ||
Dlink Dir-865l Firmware | <=1.07b01 | |
Dlink Dir-865l | ||
All of | ||
Dlink Dir-868l Firmware | <=1.12b04 | |
Dlink Dir-868l | ||
All of | ||
Dlink Dir-868l Firmware | <=2.05b02 | |
Dlink Dir-868l | ||
All of | ||
Any of | ||
Dlink Dir-869 Firmware | <=1.03b02 | |
Dlink Dir-869 Firmware | =1.03b02-beta02 | |
Dlink Dir-869 | ||
All of | ||
Dlink Dir-880l Firmware | <=1.08b04 | |
Dlink Dir-880l | ||
All of | ||
Any of | ||
Dlink Dir-890l Firmware | <=1.11b01 | |
Dlink Dir-890l Firmware | =1.11b01-beta01 | |
Dlink Dir-890l | ||
All of | ||
Any of | ||
Dlink Dir-890r Firmware | <=1.11b01 | |
Dlink Dir-890r Firmware | =1.11b01-beta01 | |
Dlink Dir-890r | ||
All of | ||
Dlink Dir-885l Firmware | <=1.12b05 | |
Dlink Dir-885l | ||
All of | ||
Dlink Dir-885r Firmware | <=1.12b05 | |
Dlink Dir-885r | ||
All of | ||
Dlink Dir-895l Firmware | <=1.12b10 | |
Dlink Dir-895l | ||
All of | ||
Dlink Dir-895r Firmware | <=1.12b10 | |
Dlink Dir-895r | ||
All of | ||
Dlink Dir-818lx Firmware | ||
Dlink Dir-818lx | ||
D-Link DIR-859 router | ||
All of | ||
Any of | ||
<=1.05b03 | ||
=1.06b01-beta1 | ||
All of | ||
<=2.03b01 | ||
All of | ||
<=3.12b04 | ||
All of | ||
Any of | ||
<=1.00b06 | ||
=1.00b06-beta | ||
All of | ||
<=1.07b01 | ||
All of | ||
<=1.12b04 | ||
All of | ||
<=2.05b02 | ||
All of | ||
Any of | ||
<=1.03b02 | ||
=1.03b02-beta02 | ||
All of | ||
<=1.08b04 | ||
All of | ||
Any of | ||
<=1.11b01 | ||
=1.11b01-beta01 | ||
All of | ||
Any of | ||
<=1.11b01 | ||
=1.11b01-beta01 | ||
All of | ||
<=1.12b05 | ||
All of | ||
<=1.12b05 | ||
All of | ||
<=1.12b10 | ||
All of | ||
<=1.12b10 | ||
All of | ||
Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-17621 is a command execution vulnerability in the D-Link DIR-859 Router.
CVE-2019-17621 has a severity rating of 9.8, which is considered critical.
The CVE-2019-17621 vulnerability allows an unauthenticated remote attacker to execute system commands as root on the D-Link DIR-859 Router.
No, other versions of the D-Link firmware may also be affected by the CVE-2019-17621 vulnerability.
To fix the CVE-2019-17621 vulnerability, you should update your D-Link DIR-859 Router firmware to the latest version available.