D-Link DIR-859 Router Command Execution Vulnerability - 20230630005¶
Overview¶
D-Link DIR-859 router contains a command execution vulnerability in the UPnP endpoint URL, /gena.cgi. Exploitation allows an unauthenticated remote attacker to execute system commands as root by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.
What is the vulnerability?¶
CVE-2023-25717 - CVSS v3 Base Score: 9.8 - Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.
What has been observed?¶
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
Recommendation¶
The WA SOC recommends to apply updates as per vendor instructions or disconnect product if it is end-of-life.