#VU24733 OS Command Injection in DIR-859 - CVE-2019-20216

Cybersecurity Help s.r.o.

Published: 2020-01-29

Vulnerability identifier: #VU24733

Vulnerability risk: High

CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2019-20216

CWE-ID: CWE-78

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
DIR-859
Hardware solutions / Routers for home users

Vendor: D-Link

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to the REMOTE_PORT is mishandled in the "ssdpcgi()" function in "/htdocs/cgibin". A remote unauthenticated attacker can execute arbitrary OS commands on the target system via urn: to the M-SEARCH method.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

DIR-859: 1.05 - 1.06b01Beta01

External links
https://medium.com/@s1kr10s/d-link-dir-859-rce-unauthenticated-cve-2019-20216-cve-2019-20217-en-6bca043500ae
https://medium.com/@s1kr10s/d-link-dir-859-rce-unauthenticated-cve-2019-20216-cve-2019-20217-es-e11ca6168d35
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Multiple vulnerabilities in D-Link DIR-859