Vulnerability Details : CVE-2019-17621
Public exploit exists!
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.
Products affected by CVE-2019-17621
- cpe:2.3:o:dlink:dir-823_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dir-823_firmware:1.00b06:beta:*:*:*:*:*:*
- cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dir-895l_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dir-890l_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dir-890l_firmware:1.11b01:beta01:*:*:*:*:*:*
- cpe:2.3:o:dlink:dir-885l_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dir-880l_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dir-895r_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dir-859_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dir-859_firmware:1.06b01:beta1:*:*:*:*:*:*
- cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dir-869_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dir-869_firmware:1.03b02:beta02:*:*:*:*:*:*
- cpe:2.3:o:dlink:dir-890r_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dir-890r_firmware:1.11b01:beta01:*:*:*:*:*:*
- cpe:2.3:o:dlink:dir-885r_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dir-818lx_firmware:-:*:*:*:*:*:*:*
CVE-2019-17621 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name: D-Link DIR-859 Router Command Execution Vulnerability
CISA required action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
CISA description: D-Link DIR-859 router contains a command execution vulnerability in the UPnP endpoint URL, /gena.cgi. Exploitation allows an unauthenticated remote attacker to execute system commands as root by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.
Notes: https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147; https://nvd.nist.gov/vuln/detail/CVE-2019-17621
Added on: 2023-06-29
Action due date: 2023-07-20
Exploit prediction scoring system (EPSS) score for CVE-2019-17621
EPSS score: 96.86% (probability of exploitation activity in the next 30 days)
Percentile: ~100% (the proportion of vulnerabilities that are scored at or less)
Metasploit modules for CVE-2019-17621
- D-Link DIR-859 Unauthenticated Remote Command Execution
  Disclosure Date: 2019-12-24
  First seen: 2020-04-26
  Module: exploit/linux/upnp/dlink_dir859_subscribe_exec
  D-Link DIR-859 Routers are vulnerable to OS command injection via the UPnP interface. The vulnerability exists in /gena.cgi (function genacgi_main() in /htdocs/cgibin), which is accessible without credentials.
  Authors: Miguel Mendez Z., @s1kr10s
CVSS scores for CVE-2019-17621
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2019-17621
- The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-17621
- https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104
  D-Link DIR-859 — Unauthenticated RCE (CVE-2019–17621) [EN]
  Exploit; Third Party Advisory
- https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146
  D-Link Technical Support
  Patch; Vendor Advisory
- https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9
  D-Link DIR-859 — Unauthenticated RCE (CVE-2019–17621) [ES]
  Exploit; Third Party Advisory
- https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104
  D-Link DIR-859 — Unauthenticated RCE (CVE-2019–17621) | by Miguel Méndez Z. | Medium
  Exploit; Third Party Advisory
- https://www.dlink.com/en/security-bulletin
  Security Bulletin | D-Link
  Vendor Advisory
- https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147
  D-Link Technical Support
  Patch; Vendor Advisory
- https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf
  Third Party Advisory; US Government Resource
- https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9
  410 Deleted by author — Medium
  Broken Link
- http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html
  D-Link DIR-859 Unauthenticated Remote Command Execution ≈ Packet Storm
  Exploit; Third Party Advisory; VDB Entry