CVE-2019-20215 #12887
This module exploits CVE-2019-20215, an unauthenticated remote injection of operating system commands. The vulnerability was found in the ssdpcgi() function, and the payload can be injected through either the UUID or URN headers of an M-SEARCH UPnP request.
Get a D-Link DIR-859 router (or any of the devices/firmware versions mentioned here), or download firmware versions 1.06 or 1.05 and run them on firmadyne or similar emulation frameworks.
D-Link DIR-859 Firmware 1.05
Tested on emulated
This exploits an unauthenticated command injection vulnerability for a subset of D-Link routers. Passing commands through either the
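
A defensive check for the injection path described above, as an added example that is not part of the pull request or the module: it parses a captured SSDP datagram and flags any M-SEARCH header whose `uuid:` or `urn:` value falls outside a strict allowlist grammar. The function names, the grammar (an assumption based on the usual UPnP search-target formats) and the sample datagrams are constructed for illustration.

```python
import re

# Allowlist grammar for search targets (assumption, not taken from the page):
#   uuid:<device-uuid>    urn:<domain>:device|service:<type>:<version>
UUID_RE = re.compile(r"uuid:[0-9A-Za-z-]{1,64}")
URN_RE = re.compile(r"urn:[A-Za-z0-9.-]+:(?:device|service):[A-Za-z0-9_.-]+:\d+")


def parse_msearch(datagram: bytes):
    """Return {HEADER: value} for an M-SEARCH datagram, or None for anything else."""
    lines = datagram.decode("latin-1").split("\r\n")
    if not lines[0].upper().startswith("M-SEARCH "):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers


def suspicious_targets(datagram: bytes):
    """List (header, value) pairs whose uuid:/urn: value fails the allowlist."""
    headers = parse_msearch(datagram)
    if headers is None:
        return []
    findings = []
    for name, value in headers.items():
        lowered = value.lower()
        if lowered.startswith("uuid:"):
            valid = UUID_RE.fullmatch(value)
        elif lowered.startswith("urn:"):
            valid = URN_RE.fullmatch(value)
        else:
            continue  # e.g. HOST, MAN, MX, or ST: ssdp:all
        if not valid:
            findings.append((name, value))
    return findings


# Constructed sample datagrams (not captured traffic).
PREFIX = b'M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\nMAN: "ssdp:discover"\r\nMX: 2\r\n'
BENIGN = PREFIX + b"ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n\r\n"
TAMPERED = PREFIX + b"ST: urn:schemas-upnp-org:device:Basic:1;PLACEHOLDER\r\n\r\n"

if __name__ == "__main__":
    for label, pkt in (("benign", BENIGN), ("tampered", TAMPERED)):
        print(label, suspicious_targets(pkt))
```

The same allowlist applied on the device side, before the value reaches any shell invocation, is the corresponding mitigation.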