CVE-2021-33266

Name of the Vulnerable Software and Affected Versions D-Link DIR-809 devices with firmware through DIR-809Ax FW1.12WWB03 20190410

Description A stack buffer overflow issue exists in the FUN 8004776c function, located in the /formVirtualApp endpoint. This issue can be triggered via a crafted POST request, potentially allowing a remote attacker to execute arbitrary code in the system.

Recommendations For D-Link DIR-809 devices with firmware through DIR-809Ax FW1.12WWB03 20190410, as a temporary workaround, consider disabling the FUN 8004776c function in the /formVirtualApp endpoint until a patch is available. Restrict access to the /formVirtualApp endpoint to minimize the risk of exploitation. Avoid using crafted POST requests to the /formVirtualApp endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.