99Iz

#47785 of 53,630
5.3 Total CVSS
Vulnerabilities · 1
PT-2024-1241
5.3
2024-01-12
D Link · Dvg-N5402G-Il · CVE-2024-0717
**Name of the Vulnerable Software and Affected Versions**

- D-Link DAP-1360 versions prior to 20240112
- D-Link DIR-300 versions prior to 20240112
- D-Link DIR-615 versions prior to 20240112
- D-Link DIR-615GF versions prior to 20240112
- D-Link DIR-615S versions prior to 20240112
- D-Link DIR-615T versions prior to 20240112
- D-Link DIR-620 versions prior to 20240112
- D-Link DIR-620S versions prior to 20240112
- D-Link DIR-806A versions prior to 20240112
- D-Link DIR-815 versions prior to 20240112
- D-Link DIR-815AC versions prior to 20240112
- D-Link DIR-815S versions prior to 20240112
- D-Link DIR-816 versions prior to 20240112
- D-Link DIR-820 versions prior to 20240112
- D-Link DIR-822 versions prior to 20240112
- D-Link DIR-825 versions prior to 20240112
- D-Link DIR-825AC versions prior to 20240112
- D-Link DIR-825ACF versions prior to 20240112
- D-Link DIR-825ACG1 versions prior to 20240112
- D-Link DIR-841 versions prior to 20240112
- D-Link DIR-842 versions prior to 20240112
- D-Link DIR-842S versions prior to 20240112
- D-Link DIR-843 versions prior to 20240112
- D-Link DIR-853 versions prior to 20240112
- D-Link DIR-878 versions prior to 20240112
- D-Link DIR-882 versions prior to 20240112
- D-Link DIR-1210 versions prior to 20240112
- D-Link DIR-1260 versions prior to 20240112
- D-Link DIR-2150 versions prior to 20240112
- D-Link DIR-X1530 versions prior to 20240112
- D-Link DIR-X1860 versions prior to 20240112
- D-Link DSL-224 versions prior to 20240112
- D-Link DSL-245GR versions prior to 20240112
- D-Link DSL-2640U versions prior to 20240112
- D-Link DSL-2750U versions prior to 20240112
- D-Link DSL-G2452GR versions prior to 20240112
- D-Link DVG-5402G versions prior to 20240112
- D-Link DVG-5402GFRU versions prior to 20240112
- D-Link DVG-N5402G versions prior to 20240112
- D-Link DVG-N5402G-IL versions prior to 20240112
- D-Link DWM-312W versions prior to 20240112
- D-Link DWM-321 versions prior to 20240112
- D-Link DWR-921 versions prior to 20240112
- D-Link DWR-953 versions prior to 20240112
- Good Line Router v2 versions prior to 20240112

**Description**

The issue is related to insufficient protection of service data when handling the `area` parameter in the devinfo interface of D-Link router firmware. This can be exploited by sending a specially crafted GET request, allowing a remote attacker to gain unauthorized access to protected information. The manipulation of the `area` argument with the input `notice|net|version` leads to information disclosure. The attack can be initiated remotely.

**Recommendations**

For all affected versions, consider disabling the HTTP GET Request Handler for the `/devinfo` component until a patch is available. Restrict access to the `/devinfo` endpoint to minimize the risk of exploitation. Avoid using the `area` parameter in the affected HTTP GET Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
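One way to check whether the request described above has reached a device, as an added example that is not part of the original advisory. It assumes a proxy or sensor in front of the router writes common-log-format access lines; the function name, log layout and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Common/combined log format: client, timestamp, request line, status.
# Assumption: a proxy or sensor in front of the device produces this layout.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def find_devinfo_requests(lines):
    """Return one record per GET /devinfo request that carries an `area` argument."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        url = urlsplit(m["target"])
        # Compare case-insensitively so a differently cased path is still flagged.
        if url.path.rstrip("/").lower() != "/devinfo":
            continue
        # parse_qs percent-decodes, so `%7C` and a literal `|` are treated alike.
        areas = []
        for value in parse_qs(url.query).get("area", []):
            areas.extend(a for a in value.split("|") if a)
        if areas:
            hits.append({
                "src": m["src"],
                "time": m["ts"],
                "areas": areas,
                # A 200 means the handler answered; other codes mean it was blocked or absent.
                "answered": m["status"] == "200",
            })
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Jan/2024:10:01:02 +0000] "GET /devinfo?area=notice|net|version HTTP/1.1" 200 812',
    '198.51.100.7 - - [12/Jan/2024:10:01:05 +0000] "GET /devinfo?area=notice%7Cnet%7Cversion HTTP/1.1" 403 0',
    '192.0.2.10 - - [12/Jan/2024:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '192.0.2.10 - - [12/Jan/2024:10:02:09 +0000] "POST /devinfo HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in find_devinfo_requests(SAMPLE_LOG):
        print(hit)
```

Records with `answered` set to true are the ones to triage first, since they indicate the `/devinfo` handler was reachable from the logged source.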