VYPR
Critical severity9.8NVD Advisory· Published Jan 29, 2020· Updated Jun 17, 2026

CVE-2019-20216

CVE-2019-20216

Description

D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because REMOTE_PORT is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker to concatenate arbitrary commands separated by shell metacharacters.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • D-Link/DIR-859description
  • Dlink/DIR-859llm-create
    Range: 1.05, 1.06B01 Beta01

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.