Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dlink dir-859 firmware vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-20217
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote malicious users to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because SERVER_ID is mishandled. The value of the urn: service/device is checked with the strstr functi...
Dlink Dir-859 Firmware 1.05
Dlink Dir-859 Firmware 1.06b01
1 Github repository
9.8
CVSSv3
CVE-2019-20215
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote malicious users to execute arbitrary OS commands via a urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because HTTP_ST is mishandled. The value of the urn: service/device is checked with the strstr function, ...
Dlink Dir-859 Firmware 1.05
Dlink Dir-859 Firmware 1.06b01
1 Github repository
9.8
CVSSv3
CVE-2019-20216
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote malicious users to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because REMOTE_PORT is mishandled. The value of the urn: service/device is checked with the strstr func...
Dlink Dir-859 Firmware 1.05
Dlink Dir-859 Firmware 1.06b01
1 Github repository
5.5
CVSSv3
CVE-2022-25106
D-Link DIR-859 v1.05 exists to contain a stack-based buffer overflow via the function genacgi_main. This vulnerability allows malicious users to cause a Denial of Service (DoS) via a crafted payload.
Dlink Dir-859 Firmware 1.05
Dlink Dir-859 A3 Firmware 1.05
9.8
CVSSv3
CVE-2023-39638
D-LINK DIR-859 A1 1.05 and A1 1.06B01 Beta01 exists to contain a command injection vulnerability via the lxmldbc_system function at /htdocs/cgibin.
Dlink Dir-859 A1 Firmware 1.05
Dlink Dir-859 A1 Firmware 1.06
9.8
CVSSv3
CVE-2024-0769
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-859 1.06B01. It has been rated as critical. Affected by this issue is some unknown functionality of the file /hedwig.cgi of the component HTTP POST Request Handler. The manipulation of the argument service wi...
Dlink Dir-859 Firmware 1.06
9.8
CVSSv3
CVE-2023-36092
Authentication Bypass vulnerability in D-Link DIR-859 FW105b03 allows remote malicious users to gain escalated privileges via via phpcgi_main. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Dlink Dir-859 Firmware 1.05b03
9.8
CVSSv3
CVE-2022-46476
D-Link DIR-859 A1 1.05 exists to contain a command injection vulnerability via the service= variable in the soapcgi_main function.
Dlink Dir-859 A1 Firmware 1.05
9.8
CVSSv3
CVE-2019-17508
On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SERVER variable.
Dlink Dir-859 A3 Firmware 1.06
Dlink Dir-850l A Firmware 1.13
7.5
CVSSv3
CVE-2019-20213
D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.
Dlink Dir-859 Firmware
Dlink Dir-859 Firmware 1.06b01
Dlink Dir-822 Firmware
Dlink Dir-823 Firmware
Dlink Dir-865l Firmware
Dlink Dir-868l Firmware
Dlink Dir-869 Firmware
Dlink Dir-880l Firmware
Dlink Dir-890l Firmware
Dlink Dir-890r Firmware
Dlink Dir-885l Firmware
Dlink Dir-885r Firmware
Dlink Dir-895l Firmware
Dlink Dir-895r Firmware
Dlink Dir-818lx Firmware -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30078
CVE-2024-37896
code injection
CVE-2024-3080
CVE-2024-5172
cross-site request forgery
CVE-2024-6111
firmware
CVE-2024-38504
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »