Dominic Chen

**Name of the Vulnerable Software and Affected Versions** Netgear WN604 versions prior to 3.3.3 Netgear WNAP210 versions prior to 3.5.5.0 Netgear WNAP320 versions prior to 3.5.5.0 Netgear WNDAP350 versions prior to 3.5.5.0 Netgear WNDAP360 versions prior to 3.5.5.0 Netgear WND930 versions prior to 2.0.11 **Description** The issue allows remote attackers to read the wireless WPS PIN or passphrase by visiting unauthenticated webpages, leading to information disclosure. **Recommendations** For Netgear WN604 versions prior to 3.3.3, update to version 3.3.3 or later. For Netgear WNAP210 versions prior to 3.5.5.0, update to version 3.5.5.0 or later. For Netgear WNAP320 versions prior to 3.5.5.0, update to version 3.5.5.0 or later. For Netgear WNDAP350 versions prior to 3.5.5.0, update to version 3.5.5.0 or later. For Netgear WNDAP360 versions prior to 3.5.5.0, update to version 3.5.5.0 or later. For Netgear WND930 versions prior to 2.0.11, update to version 2.0.11 or later.

**Name of the Vulnerable Software and Affected Versions** Netgear WNAP320 versions prior to 3.5.5.0 Netgear WNDAP350 versions prior to 3.5.5.0 Netgear WNDAP360 versions prior to 3.5.5.0 **Description** The issue allows wireless passwords and administrative usernames and passwords to be revealed over SNMP. **Recommendations** For Netgear WNAP320 versions prior to 3.5.5.0, update to version 3.5.5.0 or later. For Netgear WNDAP350 versions prior to 3.5.5.0, update to version 3.5.5.0 or later. For Netgear WNDAP360 versions prior to 3.5.5.0, update to version 3.5.5.0 or later.

**Name of the Vulnerable Software and Affected Versions** D-Link DAP-1353 versions 3.15 and earlier D-Link DAP-2553 versions 1.31 and earlier D-Link DAP-3520 versions 1.16 and earlier **Description** The issue allows the revelation of wireless passwords and administrative usernames and passwords over SNMP. **Recommendations** For D-Link DAP-1353 versions 3.15 and earlier, restrict access to SNMP to minimize the risk of exploitation. For D-Link DAP-2553 versions 1.31 and earlier, restrict access to SNMP to minimize the risk of exploitation. For D-Link DAP-3520 versions 1.16 and earlier, restrict access to SNMP to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** D-Link DAP-2310 versions 2.06 and earlier D-Link DAP-2330 versions 1.06 and earlier D-Link DAP-2360 versions 2.06 and earlier D-Link DAP-2553 H/W ver. B1 versions 3.05 and earlier D-Link DAP-2660 versions 1.11 and earlier D-Link DAP-2690 versions 3.15 and earlier D-Link DAP-2695 versions 1.16 and earlier D-Link DAP-3320 versions 1.00 and earlier D-Link DAP-3662 versions 1.01 and earlier **Description** The issue is related to a buffer overflow in the D-Link router firmware, which can be exploited by a remote attacker using a specially crafted `dlink uid` cookie parameter. This may allow the attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For D-Link DAP-2310 versions 2.06 and earlier, update to a version later than 2.06. For D-Link DAP-2330 versions 1.06 and earlier, update to a version later than 1.06. For D-Link DAP-2360 versions 2.06 and earlier, update to a version later than 2.06. For D-Link DAP-2553 H/W ver. B1 versions 3.05 and earlier, update to a version later than 3.05. For D-Link DAP-2660 versions 1.11 and earlier, update to a version later than 1.11. For D-Link DAP-2690 versions 3.15 and earlier, update to a version later than 3.15. For D-Link DAP-2695 versions 1.16 and earlier, update to a version later than 1.16. For D-Link DAP-3320 versions 1.00 and earlier, update to a version later than 1.00. For D-Link DAP-3662 versions 1.01 and earlier, update to a version later than 1.01. As a temporary workaround, consider restricting access to the `dlink uid` cookie parameter until a patch is available.