CVE-2019-20215
D-Link Devices - Unauthenticated Remote Command Execution in ssdpcgi
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via a urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because HTTP_ST is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker to concatenate arbitrary commands separated by shell metacharacters.
Los dispositivos D-Link DIR-859 versiones 1.05 y 1.06B01 Beta01, permiten a atacantes remotos ejecutar comandos arbitrarios del Sistema Operativo por medio de una urn: en el método M-SEARCH en la función ssdpcgi() en el archivo /htdocs/cgibin, porque HTTP_ST se maneja inapropiadamente. El valor de la urn: service/device es verificado con la función strstr, lo que permite a un atacante concatenar comandos arbitrarios separados por metacaracteres de shell.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-01-02 CVE Reserved
- 2020-01-29 CVE Published
- 2020-02-10 First Exploit
- 2024-08-05 CVE Updated
- 2024-11-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (10)
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/48037 | 2020-02-10 |
URL | Date | SRC |
---|---|---|
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147 | 2023-11-07 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Dlink Search vendor "Dlink" | Dir-859 Firmware Search vendor "Dlink" for product "Dir-859 Firmware" | 1.05 Search vendor "Dlink" for product "Dir-859 Firmware" and version "1.05" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-859 Search vendor "Dlink" for product "Dir-859" | - | - |
Safe
|
Dlink Search vendor "Dlink" | Dir-859 Firmware Search vendor "Dlink" for product "Dir-859 Firmware" | 1.06b01 Search vendor "Dlink" for product "Dir-859 Firmware" and version "1.06b01" | beta01 |
Affected
| in | Dlink Search vendor "Dlink" | Dir-859 Search vendor "Dlink" for product "Dir-859" | - | - |
Safe
|