Awesome
D-Link-DIR-859
- RCE UnAuthenticated SUBSCRIBE (CVE-2019–17621)
- RCE UnAuthenticated M-SEARCH
- RCE UnAuthenticated REMOTE_PORT
- RCE UnAuthenticated SERVER_ID
- Unauthenticated Information Disclosure
SUBSCRIBE Exploit
<p align="center">
<img src="https://raw.githubusercontent.com/s1kr10s/D-Link-DIR-859-RCE/master/subscribe_1.png" width="600" alt="accessibility text">
</p>
<br>
<p align="center">
<img src="https://raw.githubusercontent.com/s1kr10s/D-Link-DIR-859-RCE/master/subscribe_2.png" width="600" alt="accessibility text">
</p>
<br>
<br>
M-SEARCH Exploit
Targets
<p align="center">
<img src="https://raw.githubusercontent.com/s1kr10s/D-Link-DIR-859-RCE/master/ssdpcgi__1.png" width="600" alt="accessibility text">
</p>
<br>
Payload with (URN:)
<p align="center">
<img src="https://raw.githubusercontent.com/s1kr10s/D-Link-DIR-859-RCE/master/ssdpcgi__2.png" width="600" alt="accessibility text">
</p>
<br>
Payload with (UUID:)
<p align="center">
<img src="https://raw.githubusercontent.com/s1kr10s/D-Link-DIR-859-RCE/master/ssdpcgi__3.png" width="600" alt="accessibility text">
</p>
<br>