PT-2021-2654 · D-Link · D-Link DSL-320B-D1

Gabriele Gristina · Published 2021-03-07 · Updated 2024-08-03 · CVE-2021-26709

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: D-Link DSL-320B-D1 devices through EU 1.25

Description: The issue is a buffer overflow in the device's firmware that allows a remote attacker to gain unauthorized access to the device with the privileges of login.xgi. Unauthenticated remote attackers can trigger it via the user and pass parameters of login.xgi. Note that this issue only affects products that are no longer supported by the maintainer.

Recommendations: For D-Link DSL-320B-D1 devices through EU 1.25, as a temporary workaround, consider disabling the login.xgi user until a patch is available, and restrict network access to the device to reduce the risk of exploitation. At the moment there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2021-02183
CVE-2021-26709

Affected Products

D-Link Dsl-320B-D1