Unrated severityCISA KEVNVD Advisory· Published Dec 30, 2019· Updated Oct 21, 2025
CVE-2019-17621
CVE-2019-17621
Description
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.
Affected products
1- D-Link/DIR-859 Wi-Fi routerdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.htmlmitrex_refsource_MISC
- medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104mitrex_refsource_MISC
- medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9mitrex_refsource_MISC
- supportannouncement.us.dlink.com/announcement/publication.aspxmitrex_refsource_CONFIRM
- supportannouncement.us.dlink.com/announcement/publication.aspxmitrex_refsource_CONFIRM
- www.dlink.com/en/security-bulletinmitrex_refsource_MISC
- www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdfmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.