CVE-2020-29557

Name of the Vulnerable Software and Affected Versions D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20 D-Link DIR-825/GF D-Link DIR-825/A/D1 D-Link DIR-825/AC/E1A

Description An issue was discovered in the web interface of D-Link DIR-825 devices, allowing attackers to achieve pre-authentication remote code execution due to a buffer overflow. The vulnerability is related to a lack of mechanism for checking the size of copied data. Exploitation of the vulnerability may allow a remote attacker to execute arbitrary code or cause a denial of service.

Recommendations For D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20, consider disabling the web interface until a patch is available. For D-Link DIR-825/GF, D-Link DIR-825/A/D1, and D-Link DIR-825/AC/E1A, restrict access to the web interface to minimize the risk of exploitation. As a temporary workaround, avoid using the web interface for remote management until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.