CVE-2019-7390

Name of the Vulnerable Software and Affected Versions D-Link DIR-823G firmware 1.02B03

Description The issue is related to incorrect access control in the /bin/goahead executable, allowing remote attackers to hijack the DNS service configuration of all clients in the WLAN without authentication. This can be achieved via the SetWanSettings HNAP API. The vulnerability is associated with errors in access control, which can be exploited by a remote attacker to intercept the DNS service configuration through the API interface using the SetWanSettings function.

Recommendations For D-Link DIR-823G firmware 1.02B03, as a temporary workaround, consider restricting access to the /bin/goahead executable and the SetWanSettings HNAP API to minimize the risk of exploitation. Avoid using the SetWanSettings function in the affected API until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.