Skip to main content
CVE-2019-17508 CRITICAL POC THREAT Emergency

On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SERVER variable. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link PHP Command Injection Dir 859 A3 Firmware Dir 850L A Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
15.8%
CVE-2019-17510 CRITICAL POC Act Now

D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetWizardConfig with shell. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link PHP Command Injection Dir 846 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2019-17509 CRITICAL POC Act Now

D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetMasterWLanSettings with. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link PHP Command Injection Dir 846 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.5%
CVE-2019-17506 CRITICAL POC THREAT Act Now

There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link PHP Dir 868L B1 Firmware Dir 817Lw A1 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
57.3%
CVE-2019-17059 CRITICAL POC Act Now

A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Sophos Command Injection Cyberoamos
NVD
CVSS 3.1
9.8
EPSS
7.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy