Denis Makrushin

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-620 version 1.0.37 **Description** The issue allows remote attackers to obtain access via a TELNET session, due to a hardcoded `rostel` account in a certain Rostelekom variant of the firmware. **Recommendations** For version 1.0.37, consider disabling the TELNET service until a patch is available to prevent remote attackers from obtaining access.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-620 devices with customized firmware versions 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22 **Description** The issue is related to a hardcoded password for the admin account, specifically set to `anonymous`. This could allow a remote attacker to gain unauthorized access and elevate their privileges, potentially accessing protected information. **Recommendations** For firmware versions 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, consider changing the admin account password to a secure one as a temporary workaround. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-620 versions 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22 **Description** The issue is related to incorrect processing of the `res buf` parameter to "index.cgi", allowing OS command injection. This can be exploited by a remote attacker to execute arbitrary commands. The vulnerability is due to the failure to neutralize special elements used in the operating system command. **Recommendations** For D-Link DIR-620 devices with the affected firmware versions, consider disabling access to the "index.cgi" endpoint until a patch is available. Avoid using the `res buf` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.