theinfosecnews
theinfosecnews
Subscribe to Daily Digest

CVE-2019-17621

CISA KEV

Published June 29, 2023 · Updated April 3, 2026

high
Official Description+

D-Link DIR-859 router contains a command execution vulnerability in the UPnP endpoint URL, /gena.cgi. Exploitation allows an unauthenticated remote attacker to execute system commands as root by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.

Affected Products

VendorProduct
D-LinkDIR-859 Router

Patch Status

Patch by 2023-07-20

Recommended Actions

  1. Check if your systems use any of the affected products listed above.
  2. Apply vendor patches immediately if available.
  3. This vulnerability is in CISA's Known Exploited Vulnerabilities catalog — prioritize remediation.
  4. Monitor vendor advisories for updates and additional mitigations.
  5. Review logs for indicators of compromise related to CVE-2019-17621.