The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-12-30T16:09:17
Updated: 2024-08-05T01:47:13.504Z
Reserved: 2019-10-16T00:00:00
Link: CVE-2019-17621
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2019-12-30T17:15:19.857
Modified: 2024-06-27T19:16:32.357
Link: CVE-2019-17621
Redhat
No data.