CVE-2024-0769 – D-Link DIR-859 HTTP POST Request hedwig.cgi path traversal
https://notcve.org/view.php?id=CVE-2024-0769
A vulnerability was found in D-Link DIR-859 1.06B01. It has been rated as critical. Affected by this issue is some unknown functionality of the file /hedwig.cgi of the component HTTP POST Request Handler. The manipulation of the argument service with the input ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml leads to path traversal. • https://github.com/c2dc/cve-reported/blob/main/CVE-2024-0769/CVE-2024-0769.md https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10371 https://vuldb.com/?ctiid.251666 https://vuldb.com/?id.251666 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2019-20217
https://notcve.org/view.php?id=CVE-2019-20217
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because SERVER_ID is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker to concatenate arbitrary commands separated by shell metacharacters. Los dispositivos D-Link DIR-859 versiones 1.05 y 1.06B01 Beta01, permiten a atacantes remotos ejecutar comandos arbitrarios del Sistema Operativo por medio de la urn: en el método M-SEARCH en la función ssdpcgi() en el archivo /htdocs/cgibin, porque SERVER_ID se maneja inapropiadamente. El valor de la urn: service/device es verificado con la función strstr, lo que permite a un atacante concatenar comandos arbitrarios separados por metacaracteres de shell. • https://medium.com/%40s1kr10s/d-link-dir-859-rce-unauthenticated-cve-2019-20216-cve-2019-20217-en-6bca043500ae https://medium.com/%40s1kr10s/d-link-dir-859-rce-unauthenticated-cve-2019-20216-cve-2019-20217-es-e11ca6168d35 https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2019-20216
https://notcve.org/view.php?id=CVE-2019-20216
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because REMOTE_PORT is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker to concatenate arbitrary commands separated by shell metacharacters. Los dispositivos D-Link DIR-859 versiones 1.05 y 1.06B01 Beta01, permiten a atacantes remotos ejecutar comandos arbitrarios del Sistema Operativo por medio de la urn: en el método M-SEARCH en la función ssdpcgi() en el archivo /htdocs/cgibin, porque REMOTE_PORT se maneja inapropiadamente. El valor de la urn: service/device es verificado con la función strstr, lo que permite a un atacante concatenar comandos arbitrarios separados por metacaracteres de shell. • https://medium.com/%40s1kr10s/d-link-dir-859-rce-unauthenticated-cve-2019-20216-cve-2019-20217-en-6bca043500ae https://medium.com/%40s1kr10s/d-link-dir-859-rce-unauthenticated-cve-2019-20216-cve-2019-20217-es-e11ca6168d35 https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2019-20215 – D-Link Devices - Unauthenticated Remote Command Execution in ssdpcgi
https://notcve.org/view.php?id=CVE-2019-20215
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via a urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because HTTP_ST is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker to concatenate arbitrary commands separated by shell metacharacters. Los dispositivos D-Link DIR-859 versiones 1.05 y 1.06B01 Beta01, permiten a atacantes remotos ejecutar comandos arbitrarios del Sistema Operativo por medio de una urn: en el método M-SEARCH en la función ssdpcgi() en el archivo /htdocs/cgibin, porque HTTP_ST se maneja inapropiadamente. El valor de la urn: service/device es verificado con la función strstr, lo que permite a un atacante concatenar comandos arbitrarios separados por metacaracteres de shell. • https://www.exploit-db.com/exploits/48037 http://packetstormsecurity.com/files/156250/D-Link-ssdpcgi-Unauthenticated-Remote-Command-Execution.html https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-rce-in-ssdpcgi-http-st-cve-2019-20215-en-2e799acb8a73 https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147 https://attackerkb.com/topics/uqicA23ecz/cve-2023-33625 https://github.com/zcutlip/exploit-poc/tree/master/dlink/dir-815-a1/upnp-command-injection https://medium.co • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2019-20213
https://notcve.org/view.php?id=CVE-2019-20213
D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php. Los routers D-Link DIR-859 versiones anteriores a la versión v1.07b03_beta, permiten una divulgación de información no autenticada por medio del valor AUTHORIZED_GROUP=1%0a, como es demostrado por el archivo vpnconfig.php. • https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03 https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146 https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-863: Incorrect Authorization •