Zarathustra-L

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-890L version FW1.10 A1 **Description** The issue is related to authentication bypass in the D-Link DIR-890L router. It is caused by weaknesses in the authentication procedure, which can be exploited by a remote attacker to bypass security restrictions and recover login credentials by sending a specially crafted request. **Recommendations** For D-Link DIR-890L version FW1.10 A1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-879 version v105A1 **Description** The issue is related to a component called `phpcgi` in the D-Link DIR-879 router's firmware, which has weaknesses in its authentication procedure. This can be exploited by a remote attacker to bypass security restrictions and recover login credentials by sending a specially crafted request. **Recommendations** For D-Link DIR-879 version v105A1, consider disabling the `phpcgi` component as a temporary workaround until a patch is available. Restrict access to the router's administration interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Nome do software vulnerável e versões afetadas** D-Link DIR-869 versão DIR869Ax FW102B15 **Descrição** O problema está relacionado à contornamento da autenticação via phpcgi. **Recomendações** Para o D-Link DIR-869 versão DIR869Ax FW102B15, como solução temporária, considere restringir o acesso ao phpcgi até que uma correção esteja disponível. No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.