PT-2019-6348 · D-Link · Dir-825

Published: 2019-02-25 · Updated: 2023-11-08 · CVE-2019-9126

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: D-Link DIR-825 version 2.10

Description: The issue is a lack of protection for service data. A remote attacker can disclose protected information by requesting the router's info.xml document. The document reveals sensitive device information, including the PIN code, MAC address, routing table, firmware version, update time, QoS information, LAN information, and WLAN information.

Recommendations: For version 2.10, consider restricting access to the router's info.xml document until a patch is available. As a temporary workaround, limit remote access to the device to minimize the risk of exploitation.

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2023-02834
CVE-2019-9126

Affected Products

Dir-825