CVE-2009-4821

Name of the Vulnerable Software and Affected Versions D-Link DIR-615 version 3.10NA

Description The issue allows remote attackers to change the admin password via the admin password parameter, disable the security requirement for the Wi-Fi network, or modify DNS settings. This is possible because the D-Link DIR-615 with the specified firmware does not require administrative authentication for the "apply.cgi" endpoint.

Recommendations For D-Link DIR-615 version 3.10NA, as a temporary workaround, consider restricting access to the "apply.cgi" endpoint until a patch is available. Avoid using the admin password parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.