D-Link · D-Link DIR-1950 · CVE-2024-36755
Name of the Vulnerable Software and Affected Versions:
D-Link DIR-1950 versions up to v1.11B03
Description:
The device fails to validate SSL certificates when requesting the latest firmware version and download URL. This can allow attackers to perform a man-in-the-middle (MITM) attack, potentially downgrading the firmware version or changing the download URL. The vulnerability stems from errors in the certificate authentication procedure during updates and can be exploited by a remote attacker.
Recommendations:
For D-Link DIR-1950 versions up to v1.11B03, consider disabling automatic firmware updates until a patch is available to prevent potential exploitation. Restrict access to the device's update mechanism to minimize the risk of a man-in-the-middle attack. Avoid using unsecured networks when updating the firmware to reduce the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
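The class of flaw described above, shown beside a hardened update check. This is an added example, not D-Link's code: the allowed host name, the function names, and the reading of `v1.11B03` as major.minor plus build number are assumptions made for illustration.

```python
import re
import ssl
from urllib.parse import urlsplit

# Assumption: hosts the updater may download from (placeholder name).
ALLOWED_HOSTS = {"updates.example.com"}

# Assumption: versions look like the page's "v1.11B03" (major.minor, B + build).
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:B(\d+))?$", re.IGNORECASE)


def insecure_context() -> ssl.SSLContext:
    """The flawed pattern: the handshake succeeds with any certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE  # no chain validation at all
    return ctx


def verified_context() -> ssl.SSLContext:
    """Hardened form: certificate chain and hostname are both verified."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def parse_version(text: str) -> tuple:
    """Turn a string such as 'v1.11B03' into a comparable (1, 11, 3) tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def check_update(current: str, offered: str, url: str) -> bool:
    """Accept an offer only if it is newer and served over HTTPS by an allowed host.

    This is defence in depth: even with TLS verified, the updater refuses
    downgrades and unexpected download locations.
    """
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname not in ALLOWED_HOSTS:
        return False
    return parse_version(offered) > parse_version(current)
```

Checking the offered version and download host does not replace certificate validation; a signed firmware image verified on the device is the stronger control where the vendor supports it.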