CVE-2019-13263

Name of the Vulnerable Software and Affected Versions D-Link DIR-825AC G1 devices (affected versions not specified)

Description The issue exists due to insufficient input validation in the D-Link router firmware, allowing a remote attacker to bypass compartmentalization between the host network and the guest network using the DHCP protocol. Specifically, when a DHCP Request is sent to the router with a certain Transaction ID field, the router responds with an ACK or NAK message. In the case of a NAK response, the router erroneously sends the NAK to both the host and guest networks with the same Transaction ID, potentially allowing data to be encoded and sent across the router.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.