CVE-2019-10891

D-Link DIR-806 devices allow remote attackers to execute arbitrary shell commands via a trailing substring of an HTTP header that has “SOAPAction: http://purenetworks.com/HNAP1/GetDeviceSettings/” at the beginning.
Source: NIST
CVE-2019-10891