CVE-2019-13264

Name of the Vulnerable Software and Affected Versions D-link DIR-825AC G1

Description The issue arises from insufficient compartmentalization between a host network and a guest network established by the same device. An attacker can exploit this by joining and then leaving an IGMP group, causing the router to create an IGMP Membership Query packet with the Group IP and send it to both the host and guest networks. The data is transferred within the Group IP field, which is completely controlled by the sender. This is also related to insufficient input validation in the device's firmware.

Recommendations For D-link DIR-825AC G1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.