Vulnerabilities > Dlink > DIR 859 Firmware

DATE CVE VULNERABILITY TITLE RISK
2024-01-21 CVE-2024-0769 Unspecified vulnerability in Dlink Dir-859 Firmware 1.06
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-859 1.06B01.
network
low complexity
dlink
critical
 9.8
9.8
2023-07-31 CVE-2023-36092 Incorrect Authorization vulnerability in Dlink Dir-859 Firmware 1.05B03
Authentication Bypass vulnerability in D-Link DIR-859 FW105b03 allows remote attackers to gain escalated privileges via via phpcgi_main.
network
low complexity
dlink CWE-863
critical
 9.8
9.8
2022-03-04 CVE-2022-25106 Out-of-bounds Write vulnerability in Dlink Dir-859 A3 Firmware and Dir-859 Firmware
D-Link DIR-859 v1.05 was discovered to contain a stack-based buffer overflow via the function genacgi_main.
local
low complexity
dlink CWE-787
5.5
5.5
2020-01-29 CVE-2019-20217 OS Command Injection vulnerability in Dlink Dir-859 Firmware 1.05/1.06B01
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because SERVER_ID is mishandled.
network
low complexity
dlink CWE-78
critical
 9.8
9.8
2020-01-29 CVE-2019-20216 OS Command Injection vulnerability in Dlink Dir-859 Firmware 1.05/1.06B01
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because REMOTE_PORT is mishandled.
network
low complexity
dlink CWE-78
critical
 9.8
9.8
2020-01-29 CVE-2019-20215 OS Command Injection vulnerability in Dlink Dir-859 Firmware 1.05/1.06B01
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via a urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because HTTP_ST is mishandled.
network
low complexity
dlink CWE-78
critical
 9.8
9.8
2020-01-02 CVE-2019-20213 Incorrect Authorization vulnerability in Dlink products
D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.
network
low complexity
dlink CWE-863
7.5
7.5
2019-12-30 CVE-2019-17621 OS Command Injection vulnerability in Dlink products
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.
network
low complexity
dlink CWE-78
critical
 9.8
9.8