Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via a urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because HTTP_ST is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker to concatenate arbitrary commands separated by shell metacharacters.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
D-Link DIR-859 操作系统命令注入漏洞
Vulnerability Description
D-Link DIR-859是中国台湾友讯(D-Link)公司的一款无线路由器。 D-Link DIR-859 1.05版本和1.06B01 Beta01版本中的/htdocs/cgibin文件的‘ssdpcgi()’函数存在操作系统命令注入漏洞,该漏洞源于程序没有正确处理HTTP_ST。攻击者可利用该漏洞执行任意的操作系统命令。
CVSS Information
N/A
Vulnerability Type
N/A