VYPR

DIR-859

by Dlink

CVEs (12)

  • CVE-2019-17621KEVDec 30, 2019
    Dlink
    DIR-859
    risk 0.22cvss epss 0.93

    The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.

  • CVE-2024-0769KEVJan 21, 2024
    Dlink
    DIR-859
    risk 0.18cvss epss 0.75

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-859 1.06B01. It has been rated as critical. Affected by this issue is some unknown functionality of the file /hedwig.cgi of the component HTTP POST Request Handler. The manipulation of the argument service…

  • CVE-2019-20215Jan 29, 2020
    Dlink
    DIR-859
    risk 0.10cvss epss 0.90

    D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via a urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because HTTP_ST is mishandled. The value of the urn: service/device is checked with the strstr function, which…

  • CVE-2019-17508Oct 11, 2019
    Dlink
    DIR-859
    risk 0.08cvss epss 0.67

    On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SERVER variable.

  • CVE-2024-57045Feb 18, 2025
    Dlink
    DIR-859
    risk 0.05cvss epss 0.61

    A vulnerability in the D-Link DIR-859 router with firmware version A3 1.05 and earlier permits unauthorized individuals to bypass the authentication. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page.

  • CVE-2022-46476Jan 19, 2023
    Dlink
    DIR-859
    risk 0.03cvss epss 0.34

    D-Link DIR-859 A1 1.05 was discovered to contain a command injection vulnerability via the service= variable in the soapcgi_main function.

  • CVE-2023-39638Sep 14, 2023
    Dlink
    DIR-859
    risk 0.00cvss epss 0.02

    D-LINK DIR-859 A1 1.05 and A1 1.06B01 Beta01 was discovered to contain a command injection vulnerability via the lxmldbc_system function at /htdocs/cgibin.

  • CVE-2023-36092Jul 31, 2023
    Dlink
    DIR-859
    risk 0.00cvss epss 0.00

    Authentication Bypass vulnerability in D-Link DIR-859 FW105b03 allows remote attackers to gain escalated privileges via via phpcgi_main. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

  • CVE-2022-25106Mar 4, 2022
    Dlink
    DIR-859
    risk 0.00cvss epss 0.00

    D-Link DIR-859 v1.05 was discovered to contain a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.

  • CVE-2019-20217Jan 29, 2020
    Dlink
    DIR-859
    risk 0.00cvss epss 0.06

    D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because SERVER_ID is mishandled. The value of the urn: service/device is checked with the strstr function,…

  • CVE-2019-20216Jan 29, 2020
    Dlink
    DIR-859
    risk 0.00cvss epss 0.05

    D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because REMOTE_PORT is mishandled. The value of the urn: service/device is checked with the strstr function,…

  • CVE-2019-20213Jan 2, 2020
    Dlink
    DIR-859
    risk 0.00cvss epss 0.01

    D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.