CVE-2019-15655

Name of the Vulnerable Software and Affected Versions: D-Link DSL-2875AL versions 1.00.05 and earlier

Description: The issue is related to insufficient protection of registration data, allowing an attacker to gain unauthorized access to protected information using a specially crafted request to the "romfile.cfg" endpoint. This request does not require authentication and leads to saving the configuration file, which stores the password in cleartext.

Recommendations: For versions 1.00.05 and earlier, as a temporary workaround, consider restricting access to the "romfile.cfg" endpoint until a patch is available. Avoid using the web management server without proper authentication to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.