PT-2021-17955 · D Link · D-Link Dap-2360+8

Published: 2021-08-10 · Updated: 2021-08-17 · CVE-2021-28839

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
D-Link DAP-2310 version 2.07.RC031
D-Link DAP-2330 version 1.07.RC028
D-Link DAP-2360 version 2.07.RC043
D-Link DAP-2553 version 3.06.RC027
D-Link DAP-2660 version 1.13.RC074
D-Link DAP-2690 version 3.16.RC100
D-Link DAP-2695 version 1.17.RC063
D-Link DAP-3320 version 1.01.RC014
D-Link DAP-3662 version 1.01.RC022

Description: A Null Pointer Dereference issue exists in the upload certificate function of the sbin/httpd binary. This occurs when the binary handles a specific HTTP GET request, causing the strrchr function to take NULL as its first argument, resulting in a Null Pointer Dereference.
Recommendations: For D-Link DAP-2310 version 2.07.RC031, DAP-2330 version 1.07.RC028, DAP-2360 version 2.07.RC043, DAP-2553 version 3.06.RC027, DAP-2660 version 1.13.RC074, DAP-2690 version 3.16.RC100, DAP-2695 version 1.17.RC063, DAP-3320 version 1.01.RC014 and DAP-3662 version 1.01.RC022, consider disabling the upload certificate function in the sbin/httpd binary until a patch is available.
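
The defect class in the description, as an added example that is not D-Link's code: a handler takes the last path component of a request field with strrchr, and the field is missing from the request. The `filename` parameter, the `get_param` helper and both `cert_basename_*` functions are hypothetical names chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: copy the value of `name` from a query string into
 * buf; returns NULL when the parameter is absent or does not fit. */
static char *get_param(const char *query, const char *name, char *buf, size_t len)
{
    size_t n = strlen(name);
    for (const char *p = query; p && *p; ) {
        if (strncmp(p, name, n) == 0 && p[n] == '=') {
            size_t v = strcspn(p + n + 1, "&");
            if (v >= len)
                return NULL;
            memcpy(buf, p + n + 1, v);
            buf[v] = '\0';
            return buf;
        }
        p = strchr(p, '&');
        if (p)
            p++;                       /* move to the next name=value pair */
    }
    return NULL;
}

/* Crashing pattern, for contrast only: strrchr() on NULL is undefined. */
const char *cert_basename_unsafe(const char *query, char *buf, size_t len)
{
    const char *path = get_param(query, "filename", buf, len);
    const char *slash = strrchr(path, '/');    /* path may be NULL */
    return slash ? slash + 1 : path;
}

/* Hardened form: validate before any string call; -1 maps to an HTTP 400. */
int cert_basename_safe(const char *query, char *buf, size_t len, const char **out)
{
    const char *path = query ? get_param(query, "filename", buf, len) : NULL;
    if (path == NULL || *path == '\0')
        return -1;
    const char *slash = strrchr(path, '/');
    *out = slash ? slash + 1 : path;
    return **out ? 0 : -1;             /* reject a path ending in '/' */
}

int main(void)
{
    char buf[64];
    const char *name = "";
    int rc = cert_basename_safe("filename=certs/ca.pem", buf, sizeof buf, &name); /* constructed query */
    printf("%d %s\n", rc, name);
    return 0;
}
```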

Exploit

Fix

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

CVE-2021-28839

Affected Products

D-Link Dap-2310
D-Link Dap-2330
D-Link Dap-2360
D-Link Dap-2553
D-Link Dap-2660
D-Link Dap-2690
D-Link Dap-2695
D-Link Dap-3320
D-Link Dap-3662