The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-12-30T16:09:17

Updated: 2024-08-05T01:47:13.504Z

Reserved: 2019-10-16T00:00:00

Link: CVE-2019-17621

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2019-12-30T17:15:19.857

Modified: 2024-06-27T19:16:32.357

Link: CVE-2019-17621

cve-icon Redhat

No data.