CVE-2019-10891

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Sep 6, 2019

Updated: Jan 9, 2025

CWE ID 78

Summary

CVE-2019-10891: A vulnerability was discovered in D-Link DIR-806 devices, affecting the hnap_main function. This issue allows attackers to execute arbitrary shell commands via a specially crafted HTTP header. The function in question calls the system() command without proper input validation, making it possible for unauthorized users to inject and execute malicious commands, posing a significant security risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/Zqlf76
https://www.cve.org/CVERecord?id=CVE-2019-10891
https://nvd.nist.gov/vuln/detail/CVE-2019-10891

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Predator Still Active, with New Client and Corporate Links Identified

Russia-Aligned TAG-110 Targets Tajikistan with Macro-Enabled Word Documents

Measuring the US-China AI Gap

Know What Matters

For Customers

For Partners

CVE-2019-10891

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations