Arbitrary OS Command Execution in D-Link DIR-859 1.05 and 1.06B01 Beta01 Devices

Arbitrary OS Command Execution in D-Link DIR-859 1.05 and 1.06B01 Beta01 Devices

CVE-2019-20216 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because REMOTE_PORT is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker to concatenate arbitrary commands separated by shell metacharacters.

Learn more about our Web Application Penetration Testing UK.