ID

VAR-201912-1012


CVE

CVE-2019-17621


TITLE

D-Link DIR-859 Wi-Fi At the router OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-013893

DESCRIPTION

The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network. D-Link DIR-859 Wi-Fi The router has OS A command injection vulnerability exists.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. D-Link DIR-859 is a wireless router from Taiwan D-Link Corporation. A remote command execution vulnerability exists in DLINK's DIR-859 series routers. Attackers can use this vulnerability to execute arbitrary commands on target devices with root privileges

Trust: 2.25

sources: NVD: CVE-2019-17621 // JVNDB: JVNDB-2019-013893 // CNVD: CNVD-2020-03900 // VULMON: CVE-2019-17621

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-03900

AFFECTED PRODUCTS

vendor:dlinkmodel:dir-818lxscope:eqversion: -

Trust: 2.2

vendor:dlinkmodel:dir-890lscope:eqversion:1.11b01

Trust: 1.6

vendor:dlinkmodel:dir-890rscope:eqversion:1.11b01

Trust: 1.6

vendor:dlinkmodel:dir-880lscope:lteversion:1.08b04

Trust: 1.0

vendor:dlinkmodel:dir-868lscope:lteversion:2.05b02

Trust: 1.0

vendor:dlinkmodel:dir-822scope:lteversion:2.03b01

Trust: 1.0

vendor:dlinkmodel:dir-890rscope:lteversion:1.11b01

Trust: 1.0

vendor:dlinkmodel:dir-823scope:lteversion:1.00b06

Trust: 1.0

vendor:dlinkmodel:dir-869scope:lteversion:1.03b02

Trust: 1.0

vendor:dlinkmodel:dir-885lscope:lteversion:1.12b05

Trust: 1.0

vendor:dlinkmodel:dir-890lscope:lteversion:1.11b01

Trust: 1.0

vendor:dlinkmodel:dir-895rscope:lteversion:1.12b10

Trust: 1.0

vendor:dlinkmodel:dir-868lscope:lteversion:1.12b04

Trust: 1.0

vendor:dlinkmodel:dir-895lscope:lteversion:1.12b10

Trust: 1.0

vendor:dlinkmodel:dir-823scope:eqversion:1.00b06

Trust: 1.0

vendor:dlinkmodel:dir-869scope:eqversion:1.03b02

Trust: 1.0

vendor:dlinkmodel:dir-885rscope:lteversion:1.12b05

Trust: 1.0

vendor:dlinkmodel:dir-859scope:eqversion:1.06b01

Trust: 1.0

vendor:dlinkmodel:dir-859scope:lteversion:1.05b03

Trust: 1.0

vendor:dlinkmodel:dir-822scope:lteversion:3.12b04

Trust: 1.0

vendor:dlinkmodel:dir-865lscope:lteversion:1.07b01

Trust: 1.0

vendor:d linkmodel:dir-822scope: - version: -

Trust: 0.8

vendor:d linkmodel:dir-823scope: - version: -

Trust: 0.8

vendor:d linkmodel:dir-859scope: - version: -

Trust: 0.8

vendor:d linkmodel:dir-865lscope: - version: -

Trust: 0.8

vendor:d linkmodel:dir-868lscope: - version: -

Trust: 0.8

vendor:d linkmodel:dir-869scope: - version: -

Trust: 0.8

vendor:d linkmodel:dir-880lscope: - version: -

Trust: 0.8

vendor:d linkmodel:dir-885lscope: - version: -

Trust: 0.8

vendor:d linkmodel:dir-890lscope: - version: -

Trust: 0.8

vendor:d linkmodel:dir-890rscope: - version: -

Trust: 0.8

vendor:dlinkmodel:dir-859 v1.06b01 beta01scope: - version: -

Trust: 0.6

vendor:dlinkmodel:dir-895lscope:eqversion: -

Trust: 0.6

vendor:dlinkmodel:dir-890lscope:eqversion: -

Trust: 0.6

vendor:dlinkmodel:dir-890rscope:eqversion: -

Trust: 0.6

vendor:dlinkmodel:dir-895rscope:eqversion: -

Trust: 0.6

vendor:dlinkmodel:dir-885lscope:eqversion: -

Trust: 0.6

vendor:dlinkmodel:dir-885rscope:eqversion: -

Trust: 0.6

sources: CNVD: CNVD-2020-03900 // JVNDB: JVNDB-2019-013893 // CNNVD: CNNVD-201912-1224 // NVD: CVE-2019-17621

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-17621
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-17621
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-03900
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201912-1224
value: CRITICAL

Trust: 0.6

VULMON: CVE-2019-17621
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-17621
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2020-03900
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-17621
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-17621
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-03900 // VULMON: CVE-2019-17621 // JVNDB: JVNDB-2019-013893 // CNNVD: CNNVD-201912-1224 // NVD: CVE-2019-17621

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.8

sources: JVNDB: JVNDB-2019-013893 // NVD: CVE-2019-17621

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-1224

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201912-1224

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013893

PATCH

title:SAP10146url:https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146

Trust: 0.8

title:SAP10147url:https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147

Trust: 0.8

title:Security Bulletinurl:https://www.dlink.com/en/security-bulletin

Trust: 0.8

title:Command execution vulnerability in DLINKDIR-859 router v1.06B01 BETA01url:https://www.cnvd.org.cn/patchInfo/show/195823

Trust: 0.6

title:D-Link DIR-859 Fixes for operating system command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106703

Trust: 0.6

title:IoT-vulhuburl:https://github.com/VulnTotal-Team/IoT-vulhub

Trust: 0.1

sources: CNVD: CNVD-2020-03900 // VULMON: CVE-2019-17621 // JVNDB: JVNDB-2019-013893 // CNNVD: CNNVD-201912-1224

EXTERNAL IDS

db:NVDid:CVE-2019-17621

Trust: 3.1

db:PACKETSTORMid:156054

Trust: 1.6

db:DLINKid:SAP10146

Trust: 1.6

db:DLINKid:SAP10147

Trust: 1.6

db:JVNDBid:JVNDB-2019-013893

Trust: 0.8

db:CNVDid:CNVD-2020-03900

Trust: 0.6

db:CNNVDid:CNNVD-201912-1224

Trust: 0.6

db:VULMONid:CVE-2019-17621

Trust: 0.1

sources: CNVD: CNVD-2020-03900 // VULMON: CVE-2019-17621 // JVNDB: JVNDB-2019-013893 // CNNVD: CNNVD-201912-1224 // NVD: CVE-2019-17621

REFERENCES

url:https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10146

Trust: 1.6

url:https://www.dlink.com/en/security-bulletin

Trust: 1.6

url:https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10147

Trust: 1.6

url:https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf

Trust: 1.6

url:http://packetstormsecurity.com/files/156054/d-link-dir-859-unauthenticated-remote-command-execution.html

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-17621

Trust: 1.4

url:https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104

Trust: 1.0

url:https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9

Trust: 1.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17621

Trust: 0.8

url:https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104

Trust: 0.6

url:https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9

Trust: 0.6

sources: JVNDB: JVNDB-2019-013893 // CNNVD: CNNVD-201912-1224 // NVD: CVE-2019-17621

CREDITS

Miguel Mendez Z, Pablo Pollanco P

Trust: 0.6

sources: CNNVD: CNNVD-201912-1224

SOURCES

db:CNVDid:CNVD-2020-03900
db:VULMONid:CVE-2019-17621
db:JVNDBid:JVNDB-2019-013893
db:CNNVDid:CNNVD-201912-1224
db:NVDid:CVE-2019-17621

LAST UPDATE DATE

2024-11-23T21:59:32.207000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-03900date:2020-02-12T00:00:00
db:VULMONid:CVE-2019-17621date:2023-11-07T00:00:00
db:JVNDBid:JVNDB-2019-013893date:2020-01-21T00:00:00
db:CNNVDid:CNNVD-201912-1224date:2020-02-12T00:00:00
db:NVDid:CVE-2019-17621date:2024-11-21T04:32:38.893

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-03900date:2020-02-14T00:00:00
db:VULMONid:CVE-2019-17621date:2019-12-30T00:00:00
db:JVNDBid:JVNDB-2019-013893date:2020-01-21T00:00:00
db:CNNVDid:CNNVD-201912-1224date:2019-12-30T00:00:00
db:NVDid:CVE-2019-17621date:2019-12-30T17:15:19.857