QwikSec

Security Database

CVE

CWE

Training

CVE-2019-10891

Published: Sep 6, 2019

Modified: Jan 9, 2025

PUBLISHED

Description

An issue was discovered in D-Link DIR-806 devices. There is a command injection in function hnap_main, which calls system() without checking the parameter that can be controlled by user, and finally allows remote attackers to execute arbitrary shell commands with a special HTTP header.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

Weaknesses (CWE)

References

https://github.com/Kirin-say/Vulnerabilities/blob/master/DIR-806_Code_Injection.md

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10282

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.