Two security researchers, Miguel Mendez Z. (s1kr10s) and Pablo Pollanco (secenv), discovered a critical unauthenticated remote code execution (RCE) flaw in the firmware of the D-Link DIR-859 router that allows an attacker to take over any vulnerable router that is accessible via the Internet.
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router, firmware 1.05 and 1.06B01 Beta01, allows an unauthenticated remote attacker to execute system commands as root by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connected to the local network.
A proof-of-concept has been published on GitHub.
D-Link has released a firmware update that fixes this vulnerability. Users of the vulnerable routers should upgrade to the latest firmware as soon as possible.
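For networks where affected routers cannot be upgraded immediately, captured HTTP traffic can be screened for SUBSCRIBE requests to /gena.cgi. The following is an added example, not code from the researchers or from D-Link. The LAN range, the character allowlist, the finding names and the sample requests are assumptions made for illustration; the header expectations (NT: upnp:event and CALLBACK for a new subscription, SID for a renewal) follow standard UPnP eventing.

```python
import ipaddress
import re

# Assumptions for this example: the LAN range and the allowlist of characters
# expected in a request target. Neither comes from the advisory.
LAN = ipaddress.ip_network("192.168.0.0/24")
SAFE_TARGET = re.compile(r"[A-Za-z0-9_./?=&%:-]*")


def parse_request(raw):
    """Split a raw HTTP request into method, target and lower-cased headers."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    method, rest = lines[0].split(" ", 1)
    target = rest.rsplit(" ", 1)[0]  # keeps a target that contains spaces whole
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def assess(src_ip, raw):
    """Return findings for a SUBSCRIBE request to /gena.cgi, else an empty list."""
    method, target, headers = parse_request(raw)
    if method.upper() != "SUBSCRIBE" or target.split("?", 1)[0] != "/gena.cgi":
        return []
    findings = []
    # The UPnP service should only ever be reached from the local network.
    if ipaddress.ip_address(src_ip) not in LAN:
        findings.append("gena-from-outside-lan")
    # Anything outside the allowlist in the target is worth a closer look.
    if not SAFE_TARGET.fullmatch(target):
        findings.append("unexpected-chars-in-target")
    # A new subscription carries NT and CALLBACK; a renewal carries SID instead.
    renewal = "sid" in headers
    if not renewal and (headers.get("nt") != "upnp:event" or "callback" not in headers):
        findings.append("malformed-subscription")
    return findings


# Constructed sample requests (not captured traffic).
BENIGN = ("SUBSCRIBE /gena.cgi?x=1 HTTP/1.1\r\nHost: 192.168.0.1\r\n"
          "Callback: <http://192.168.0.50:5000/evt>\r\nNT: upnp:event\r\n"
          "Timeout: Second-1800\r\n\r\n")
ODD = "SUBSCRIBE /gena.cgi?x=a;b HTTP/1.1\r\nHost: 192.168.0.1\r\n\r\n"

if __name__ == "__main__":
    for src, req in [("192.168.0.50", BENIGN), ("203.0.113.7", BENIGN), ("192.168.0.50", ODD)]:
        print(src, assess(src, req))
```

A non-empty result is a triage signal, not proof of exploitation; well-formed subscriptions from LAN clients return no findings.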