Gregory Basior

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-865L Ax version 1.20B01 Beta **Description** The issue is related to the lack of protection against cross-site request forgery (CSRF) in the web interface of the D-Link DIR-865L router's firmware. This can allow a remote attacker to modify, add, or delete data. **Recommendations** For D-Link DIR-865L Ax version 1.20B01 Beta, consider disabling access to the web interface until a patch is available to prevent potential exploitation. Restrict access to the router's configuration to minimize the risk of unauthorized changes.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-865L Ax version 1.20B01 Beta **Description** The issue exists due to the lack of neutralization of special elements used in the operating system command. This allows a remote attacker to execute arbitrary operating system commands. The vulnerability is related to the cgibin.exe executable file of the D-Link DIR-865L router's firmware. **Recommendations** For D-Link DIR-865L Ax version 1.20B01 Beta, consider disabling the cgibin.exe executable file as a temporary workaround until a patch is available. Restrict access to the vulnerable executable file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-865L versions 1.20B01 **Description** The issue is related to inadequate encryption strength in the SharePort Web Access component of the D-Link DIR-865L router's firmware. This could allow a remote attacker to bypass existing security restrictions using a brute force attack. **Recommendations** For version 1.20B01, consider restricting access to the SharePort Web Access component until a patch is available. As a temporary workaround, limit the use of remote connections to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-865L Ax version 1.20B01 Beta **Description** The issue is related to the cleartext transmission of sensitive information and a vulnerability in the adv gzone.php component of the D-Link DIR-865L router's firmware, which is associated with the use of Wired Equivalent Privacy (WEP). This vulnerability can be exploited by a remote attacker to obtain the password used for the guest network. **Recommendations** For D-Link DIR-865L Ax version 1.20B01 Beta, consider disabling the use of WEP encryption as a temporary workaround until a patch is available. Restrict access to the adv gzone.php component to minimize the risk of exploitation. Avoid using the guest network feature until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-865L Ax version 1.20B01 Beta **Description** The issue is related to a predictable seed in a Pseudo-Random Number Generator, specifically in the `get random string` function of the D-Link DIR-865L router's firmware. This is caused by errors in the code of the pseudo-random number generator. Exploitation of this issue may allow a remote attacker to disclose protected information. **Recommendations** For D-Link DIR-865L Ax version 1.20B01 Beta, consider restricting access to the `get random string` function until a patch is available. As a temporary workaround, avoid using the pseudo-random number generator for sensitive operations. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-865L Ax version 1.20B01 Beta **Description** The issue is related to the cleartext storage of sensitive information in the D-Link DIR-865L Ax router's firmware. This is due to a lack of protection for service data in the tools admin.php component. Exploitation of this issue may allow a remote attacker to gain unauthorized access to protected data. **Recommendations** For D-Link DIR-865L Ax version 1.20B01 Beta, consider restricting access to the tools admin.php component to minimize the risk of exploitation until a patch is available.