Hugo Trovão

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-825 versions 1.33.0.44ebdd4-embedded and below **Description** The issue is related to a buffer overflow in the jsonrpc service of the D-Link DIR-825 router's firmware, which can be exploited by an attacker to execute arbitrary code or cause a denial of service. This can be achieved via the GetConfig method to the "/CPE" endpoint. **Recommendations** For D-Link DIR-825 versions 1.33.0.44ebdd4-embedded and below, consider disabling the GetConfig method to the /CPE endpoint as a temporary workaround until a patch is available. Restrict access to the jsonrpc service to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.