CVE-2019-13265

Name of the Vulnerable Software and Affected Versions D-link DIR-825AC G1 versions (affected versions not specified)

Description The issue is related to insufficient compartmentalization between a host network and a guest network established by the same device. These devices forward ARP requests between the host and the guest networks, which can be used as a direct covert channel. An attacker can exploit this by sending an ARP request to an arbitrary computer on the network. The exploitation depends on the router's restriction of ARP forwarding, which in this case is not restricted.

Recommendations For D-link DIR-825AC G1 devices, consider restricting ARP forwarding to requests destined for the network's subnet mask as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.