CVE-2019-17507

Name of the Vulnerable Software and Affected Versions D-Link DIR-816 A1 version 1.06

Description An issue allows an attacker to access management pages of the router by ignoring a specific line in an .asp file, providing access to sensitive pages such as d status.asp, version.asp, d dhcptbl.asp, and d acl.asp. The vulnerability is related to insufficient input validation in the Management Page component of the D-Link DIR-816 A1 wireless router's firmware, which can allow a remote attacker to gain unauthorized access to protected information.

Recommendations For D-Link DIR-816 A1 version 1.06, as a temporary workaround, consider restricting access to the management pages until a patch is available. Avoid using clients that ignore the 'top.location.href = "/dir login.asp"' line in the .asp file to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.