Zyw

Name of the Vulnerable Software and Affected Versions: D-Link DSL-2740R version UK 1.01 Description: A Null Pointer Dereference issue exists, which could allow a remote malicious user to cause a denial of service via the `send hnap unauthorized` function. This can be triggered by sending a crafted POST request to "/HNAP1/". The device is considered End of Life and will not be patched. Recommendations: As a temporary workaround, consider disabling the `send hnap unauthorized` function until a formal resolution can be applied, however, since the device is End of Life and will not receive a patch, this may be the only available mitigation measure. Restrict access to the "/HNAP1/" endpoint to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: D-Link DSP-W215 version 1.10 Description: A Null Pointer Dereference issue exists, which could allow a remote malicious user to cause a denial of service via `usr/bin/lighttpd`. This can be triggered by sending an HTTP request without a URL in the start line directly to the device. Recommendations: For D-Link DSP-W215 version 1.10, consider restricting access to the device to minimize the risk of exploitation, as this issue will not be patched due to the device being End of Life. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: D-Link DIR-825 version 2.10b02 Description: The issue is a Null Pointer Dereference vulnerability that could allow a remote malicious user to cause a denial of service. This can be triggered by sending an HTTP request with the URL /vct wan, which causes the sbin/httpd to invoke the `strchr` function with NULL as the first argument, leading to a segmentation fault. Recommendations: For D-Link DIR-825 version 2.10b02, since the device is considered End of Life and the issue will not be patched, consider replacing the device with a supported model to mitigate the risk of exploitation. As a temporary workaround, restrict access to the /vct wan URL to minimize the risk of denial of service attacks.