PT-2019-13421 · D Link · D-Link Dir-655

Published: 2019-07-11 · Updated: 2021-04-23 · CVE-2019-13560

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: D-Link DIR-655 C versions prior to 3.02B05 BETA03

Description: The issue allows remote attackers to force a blank password. This is achieved through the apply_sec.cgi API endpoint, specifically by manipulating the setup_wizard parameter.

Recommendations: For versions prior to 3.02B05 BETA03, update to version 3.02B05 BETA03 or later to resolve the issue. As a temporary workaround, consider restricting access to the apply_sec.cgi API endpoint to minimize the risk of exploitation. Avoid using the setup_wizard parameter in the affected API endpoint until the issue is resolved.


Weakness Enumeration

Related identifiers

CVE-2019-13560

Affected products

D-Link Dir-655