PT-2021-18163 · D Link · D-Link Dir-825
Zyw · Published 2021-08-10 · Updated 2024-08-03 · CVE-2021-29296
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
D-Link DIR-825 version 2.10b02
Description:
The issue is a NULL pointer dereference vulnerability that could allow a remote malicious user to cause a denial of service. It can be triggered by sending an HTTP request with the URL /vct wan, which causes sbin/httpd to invoke the strchr function with NULL as the first argument, leading to a segmentation fault.
Recommendations:
For D-Link DIR-825 version 2.10b02, since the device is considered End of Life and the issue will not be patched, consider replacing the device with a supported model to mitigate the risk of exploitation. As a temporary workaround, restrict access to the /vct wan URL to minimize the risk of denial of service attacks.
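The bug class from the description, as an added example that is not the firmware's code: a handler that passes a possibly missing request value straight to strchr, next to a form that checks for NULL first. The function names, the `get_param` lookup and the `key=value&...` query format are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical lookup: returns a pointer to the value of `key` inside a
 * "k1=v1&k2=v2" query string, or NULL when the key is absent. */
static const char *get_param(const char *query, const char *key)
{
    size_t klen = strlen(key);
    const char *p = query;

    while (p != NULL && *p != '\0') {
        if (strncmp(p, key, klen) == 0 && p[klen] == '=')
            return p + klen + 1;
        p = strchr(p, '&');
        if (p != NULL)
            p++;                      /* step past '&' to the next pair */
    }
    return NULL;
}

/* Unchecked pattern: a request without `key` makes get_param() return NULL,
 * and strchr(NULL, ...) is undefined behaviour (typically SIGSEGV). */
int value_has_sep_unchecked(const char *query, const char *key, int sep)
{
    const char *v = get_param(query, key);
    return strchr(v, sep) != NULL;
}

/* Hardened pattern: reject the request instead of dereferencing NULL.
 * Returns 1 if found, 0 if not found, -1 for a missing parameter. */
int value_has_sep_checked(const char *query, const char *key, int sep)
{
    const char *v;
    const char *end;

    if (query == NULL || key == NULL)
        return -1;
    v = get_param(query, key);
    if (v == NULL)
        return -1;                    /* caller rejects the request (assumed) */
    end = strchr(v, '&');             /* limit the search to this value */
    if (end == NULL)
        end = v + strlen(v);
    return memchr(v, sep, (size_t)(end - v)) != NULL;
}
```

In a single-process embedded web server, the unchecked form takes the whole management interface down with one request, which is why the availability impact in the vector is rated High.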
Fix
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
D-Link Dir-825