PT-2019-4309 · D-Link · D-Link Dir-412

Published: 2019-10-14 · Updated: 2020-08-24 · CVE-2019-17511

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: D-Link DIR-412 version A1-1.14WW

Description: The issue concerns a lack of authentication requirements for certain web interfaces on the affected router. This allows an attacker to access the router's log file through the "log_get.php" API endpoint, potentially revealing the intranet network structure. The vulnerability is related to insufficient authentication in the router's firmware, which could enable a remote attacker to gain unauthorized access to protected information.

Recommendations: For D-Link DIR-412 version A1-1.14WW, consider restricting access to the "log_get.php" API endpoint until a patch is available. As a temporary workaround, limit access to the router's web interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Missing Authentication

Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2020-00024
CVE-2019-17511

Affected Products

D-Link Dir-412