CVE-2020-9278

Name of the Vulnerable Software and Affected Versions D-Link DSL-2640B versions prior to EU 4.01B

Description The issue is related to insufficient input validation, allowing a remote attacker to reset the device's configuration by accessing an unauthenticated URL, such as "/api/v1/reset" or similar. This can lead to a loss of device settings and potentially expose the device to further attacks.

Recommendations For D-Link DSL-2640B version EU 4.01B and earlier, consider restricting access to unauthenticated URLs as a temporary workaround until a patch is available. Avoid using unauthenticated API endpoints, such as /api/v1/reset, until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.