CVE-2019-7388

Name of the Vulnerable Software and Affected Versions D-Link DIR-823G firmware 1.02B03

Description An issue was discovered allowing remote attackers to get sensitive information, such as MAC addresses, about all clients in the WLAN via the "GetClientInfo HNAP API" endpoint. This is due to incorrect access control, enabling information disclosure without authentication.

Recommendations For firmware 1.02B03, as a temporary workaround, consider restricting access to the GetClientInfo HNAP API endpoint until a patch is available. Avoid using the GetClientInfo function in the HNAP API to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.