PT-2019-15178 · D Link · D-Link Dir-412

Published: 2019-10-16 · Updated: 2020-08-24 · CVE-2019-17512

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

D-Link DIR-412 A1 version 1.14WW

Description

The affected router exposes web interfaces that do not require authentication. An attacker can exploit this by accessing the "log_clear.php" endpoint with specific parameters, such as act=clear&logtype=sysact, to clear the router's system log file. This could potentially be used to erase traces of malicious activity.

Recommendations

For D-Link DIR-412 A1 version 1.14WW, as a temporary workaround, consider restricting access to the "log_clear.php" endpoint to prevent unauthorized clearing of the log file. Additionally, avoid using the act and logtype parameters on the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
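
Because the request described above wipes the router's own log, any record of it has to come from somewhere else. The following detection sketch is an added example, not code from the advisory or from D-Link: it assumes an upstream proxy or network sensor records requests to the router's web interface in Combined Log Format, that the endpoint path is log_clear.php, and that the parameters travel in the query string. The function names and log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Client IP, request target and status from a Combined Log Format line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def is_log_clear_request(target):
    """True if the target asks log_clear.php to clear the system log."""
    parts = urlsplit(target)
    # Normalise before matching: decode percent-escapes and ignore case.
    # This deliberately over-matches, which is acceptable for an alert.
    path = unquote(parts.path).lower()
    if not path.endswith("/log_clear.php"):
        return False
    # parse_qs decodes values and is independent of parameter order.
    params = parse_qs(parts.query, keep_blank_values=True)
    acts = [v.lower() for v in params.get("act", [])]
    types = [v.lower() for v in params.get("logtype", [])]
    return "clear" in acts and "sysact" in types

def find_log_clear_events(lines):
    """Return (client_ip, status, target) for every matching log line."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m and is_log_clear_request(m.group("target")):
            hits.append((m.group("ip"), int(m.group("status")), m.group("target")))
    return hits

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [16/Oct/2019:10:00:01 +0000] "GET /log_clear.php?act=clear&logtype=sysact HTTP/1.1" 200 112 "-" "-"',
    '192.0.2.10 - - [16/Oct/2019:10:00:05 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.7 - - [16/Oct/2019:10:00:09 +0000] "GET /log%5Fclear.php?logtype=sysact&x=1&act=clear HTTP/1.1" 200 112 "-" "-"',
    '192.0.2.10 - - [16/Oct/2019:10:00:12 +0000] "GET /log_clear.php?logtype=sysact HTTP/1.1" 200 0 "-" "-"',
]

if __name__ == "__main__":
    for ip, status, target in find_log_clear_events(SAMPLE_LOG):
        print(f"ALERT log clear request from {ip} (HTTP {status}): {target}")
```

A hit with a 2xx status from a client that never authenticated is the case the advisory describes; forwarding the router's syslog to a remote collector keeps earlier entries available even after the local log is cleared.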

Exploit

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2019-17512

Affected Products

D-Link Dir-412