D-Link DIR-859 Unauthenticated Remote Command Execution
Posted on 22 January 2020
D-Link DIR-859 Routers are vulnerable to OS command injection via the UPnP interface. The vulnerability exists in /gena.cgi (function genacgi_main() in /htdocs/cgibin), which is accessible without credentials.
