← back
CVE-2019-17508

CVE-2019-17508

EPSS 15.8%
Vexday Risk Score
23Low
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS EPSS 15.8%KEV nãoPoC Nuclei Metasploit simPatch
Lifecycle
09 Aug 2017Metasploit module available
11 Oct 2019Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SERVER variable.
Affected products
n/a · n/a