PT-2021-17954 · D Link · D-Link Dap-2360+8
Published: 2021-08-10 · Updated: 2021-08-17
CVE-2021-28838
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
D-Link DAP-2310 version 2,10RC039
D-Link DAP-2330 version 1.10RC036 BETA
D-Link DAP-2360 version 2.10RC055
D-Link DAP-2553 version 3.10rc039 BETA
D-Link DAP-2660 version 1.15rc131b
D-Link DAP-2690 version 3.20RC115 BETA
D-Link DAP-2695 version 1.20RC093
D-Link DAP-3320 version 1.05RC027 BETA
D-Link DAP-3662 version 1.05rc069
Description:
A null pointer dereference vulnerability exists in the sbin/httpd binary of the affected D-Link devices. The crash occurs at the atoi operation when a specific network packet is sent to the httpd binary.
Recommendations:
For D-Link DAP-2310 version 2,10RC039, update to a newer version that contains a fix for this issue.
For D-Link DAP-2330 version 1.10RC036 BETA, update to a newer version that contains a fix for this issue.
For D-Link DAP-2360 version 2.10RC055, update to a newer version that contains a fix for this issue.
For D-Link DAP-2553 version 3.10rc039 BETA, update to a newer version that contains a fix for this issue.
For D-Link DAP-2660 version 1.15rc131b, update to a newer version that contains a fix for this issue.
For D-Link DAP-2690 version 3.20RC115 BETA, update to a newer version that contains a fix for this issue.
For D-Link DAP-2695 version 1.20RC093, update to a newer version that contains a fix for this issue.
For D-Link DAP-3320 version 1.05RC027 BETA, update to a newer version that contains a fix for this issue.
For D-Link DAP-3662 version 1.05rc069, update to a newer version that contains a fix for this issue.
As a temporary workaround, consider disabling the atoi operation in the sbin/httpd binary until a patch is available.
Exploit
Fix
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
D-Link Dap-2310
D-Link Dap-2330
D-Link Dap-2360
D-Link Dap-2553
D-Link Dap-2660
D-Link Dap-2690
D-Link Dap-2695
D-Link Dap-3320
D-Link Dap-3662