Loading
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.
Use CWE-78, Dlink vendor hub and Dir-859 Firmware product page to widen CVE-2019-17621 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2024-0769, CVE-2023-36092 and CVE-2019-20217 for nearby disclosures in the same product family.