module
D-Link DIR-859 Unauthenticated Remote Command Execution
| Disclosed |
|---|
| Dec 24, 2019 |
Disclosed
Dec 24, 2019
Description
D-Link DIR-859 Routers are vulnerable to OS command injection via the UPnP
interface. The vulnerability exists in /gena.cgi (function genacgi_main() in
/htdocs/cgibin), which is accessible without credentials.
interface. The vulnerability exists in /gena.cgi (function genacgi_main() in
/htdocs/cgibin), which is accessible without credentials.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.