CVE-2019-9124

Name of the Vulnerable Software and Affected Versions D-Link DIR-878 version 1.12B01

Description An issue was discovered that allows an attacker to log in with a blank password at the /HNAP1 URI. The vulnerability is related to weaknesses in the HNAP1 protocol implementation, specifically in the authentication procedure. This can allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations For D-Link DIR-878 version 1.12B01, as a temporary workaround, consider restricting access to the /HNAP1 URI until a patch is available. Avoid using blank passwords for authentication in the affected device.