CVE-2021-29294

Name of the Vulnerable Software and Affected Versions: D-Link DSL-2740R version UK 1.01

Description: A Null Pointer Dereference issue exists, which could allow a remote malicious user to cause a denial of service via the send hnap unauthorized function. This can be triggered by sending a crafted POST request to "/HNAP1/". The device is considered End of Life and will not be patched.

Recommendations: As a temporary workaround, consider disabling the send hnap unauthorized function until a formal resolution can be applied, however, since the device is End of Life and will not receive a patch, this may be the only available mitigation measure. Restrict access to the "/HNAP1/" endpoint to minimize the risk of exploitation.