First published: Wed Jan 29 2020(Updated: )
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because REMOTE_PORT is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker to concatenate arbitrary commands separated by shell metacharacters.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Dlink Dir-859 Firmware | =1.05 | |
Dlink Dir-859 Firmware | =1.06b01-beta01 | |
Dlink Dir-859 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2019-20216 is critical with a CVSS score of 9.8 out of 10.
Remote attackers can exploit CVE-2019-20216 by sending a specially-crafted request to the ssdpcgi() function in /htdocs/cgibin using the M-SEARCH method.
D-Link DIR-859 firmware versions 1.05 and 1.06B01 Beta01 are affected by CVE-2019-20216.
Yes, D-Link has released a security announcement with instructions on how to mitigate the vulnerability. It is recommended to update to the latest firmware version.
The CWE ID for CVE-2019-20216 is 78, which indicates Improper Neutralization of Special Elements used in an OS Command (OS Command Injection).