CVE-2021-29379

Name of the Vulnerable Software and Affected Versions: D-Link DIR-802 A1 versions 1.00b05 and earlier

Description: An issue was discovered where Universal Plug and Play (UPnP) is enabled by default on port 1900, allowing an attacker to perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet. This issue only affects products that are no longer supported by the maintainer.

Recommendations: For D-Link DIR-802 A1 versions 1.00b05 and earlier, consider disabling the UPnP feature on port 1900 to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.