D Link · D-Link Dir-822 · CVE-2019-6258
**Name of the Vulnerable Software and Affected Versions**
D-Link DIR-822 Rev.Bx devices with firmware version 202KRb06 and older
**Description**
The issue concerns a buffer overflow that can occur when handling long MacAddress data in a "HNAP1/SetClientInfo" HNAP protocol message. This message is mishandled by the `/usr/sbin/udhcpd` process during the reading of the `/var/servd/LAN-1-udhcpd.conf` file.
**Recommendations**
For D-Link DIR-822 Rev.Bx devices with firmware version 202KRb06 and older, consider updating the firmware to a version newer than 202KRb06 to resolve the issue. As a temporary workaround, restrict access to the `/HNAP1/SetClientInfo` API endpoint to minimize the risk of exploitation.