CVE-2019-17621

CVE Database · CVE-2019-17621

CVE-2019-17621

· CRITICALAnalyzed

CVSS v3.1

9.8

EPSS

89.62%

Published

Dec 30, 2019

Modified

Nov 7, 2025

CISA Known Exploited Vulnerability

Added: 2023-06-29 · Due: 2023-07-20

Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.

Public PoC / Exploit (2)

All weaponized →

TrickestTrickest PoC index GitHub PoCSquirre17/CVE-2019-17621★3

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-78CWE-78

Affected Products (37)

dlink · dir-859_firmwarevulnerable

dlink · dir-859

dlink · dir-822_firmwarevulnerable

dlink · dir-822

dlink · dir-822_firmwarevulnerable

dlink · dir-822

dlink · dir-823_firmwarevulnerable