Published: 30/12/2019 Updated: 07/11/2023

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 892

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote malicious user to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.

Vulnerable Product	Search on Vulmon	Subscribe to Product
dlink dir-859_firmware
dlink dir-859_firmware 1.06b01
dlink dir-822_firmware
dlink dir-823_firmware
dlink dir-823_firmware 1.00b06
dlink dir-865l_firmware
dlink dir-868l_firmware
dlink dir-869_firmware
dlink dir-869_firmware 1.03b02
dlink dir-880l_firmware
dlink dir-890l_firmware
dlink dir-890l_firmware 1.11b01
dlink dir-890r_firmware
dlink dir-890r_firmware 1.11b01
dlink dir-885l_firmware
dlink dir-885r_firmware
dlink dir-895l_firmware
dlink dir-895r_firmware
dlink dir-818lx_firmware -

CVE-2019-17621 DLink_RCE

DLink RCE vuln CVE-2019-17621 unauthenticated rce FAT can emulate this so plz use attifyos

IoT固件漏洞复现环境

IoT-vulhub 受 Vulhub 项目的启发，希望做一个 IoT 版的固件漏洞复现环境。 IoT-vulhub 安装使用说明漏洞环境列表贡献指南关注我们安装在 Ubuntu 2004 下安装 docker 和 docker-compose： # 安装 pip $ curl -s bootstrappypaio/get-pippy | python3 # 安装最新版 docker $ curl -s getdockercom/ | sh # 启�

GoInputProxy - log and pass inputs (stdin, arguments, environment variables) to a given program, log outputs

GoInputProxy goInputProxy - log and pass inputs (STDIN, arguments, environment variables) to /htdocs/cgibin_, log outputs to /tmp/ and system logs This go program was used to debug the "/htdocs/cgibin" binary executable file in the D-Link DIR-859L and other SOHO routers It helped us discover and debug multiple vulnerabilities: mediumcom/@s1kr10s/d-link-dir-

IoT固件漏洞复现环境

IoT-vulhub 受 Vulhub 项目的启发，希望做一个 IoT 版的固件漏洞复现环境。 IoT-vulhub 安装使用说明漏洞环境列表贡献指南关注我们安装在 Ubuntu 2004 下安装 docker 和 docker-compose： # 安装 pip $ curl -s bootstrappypaio/get-pippy | python3 # 安装最新版 docker $ curl -s getdockercom/ | sh # 启�

D-Link DIR-859 - RCE UnAutenticated (CVE-2019–17621)

D-Link-DIR-859 RCE UnAuthenticated SUBSCRIBE (CVE-2019–17621) RCE UnAuthenticated M-SEARCH RCE UnAuthenticated REMOTE_PORT RCE UnAuthenticated SERVER_ID Unauthenticated Information Disclosure SUBSCRIBE Exploit M-SEARCH Exploit Targets Payload with (URN:) Payload with (UUID:)

Simulate firmware with one click of firmadyne (使用 firmadyne 一键模拟固件)

Firmware Analysis Plus (Fap) 👉 English 上游项目支持：binwalk、firmadyne、firmware-analysis-toolkit firmware-analysis-plus（Fap）主要用于常见路由器固件的仿真，可以进行固件的安全测试。感谢以下开源项目：binwalk 提供优秀的固件提取 API，firmadyne 提供优秀的固件仿真核心支持，firmware-analysis-toolkit 提�

This tool is used for backdoor,shellcode generation,Information retrieval and POC arrangement for various architecture devices

hackebds 🔗中文readme foreword In the process of penetration and vulnerability mining of embedded devices, many problems have been encountered One is that some devices do not have telnetd or ssh services to obtain an interactive shell，Some devices are protected by firewall and cannot be connected to it in the forward direction Reverse_shell is required, and the other

CWE-78 https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147 https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf https://www.dlink.com/en/security-bulletin https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146 http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104 https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9 https://nvd.nist.gov https://github.com/Ler2sq/CVE-2019-17621

CVE-2019-17621

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect