CVE-2021-46442

Name of the Vulnerable Software and Affected Versions D-Link DIR-825 G1

Description The issue is related to the "webupg" binary, where attackers can bypass authentication through the autoupgrade.asp parameter. This allows them to perform unauthorized actions, such as downloading configuration files and updating firmware. The vulnerability is associated with weaknesses in authentication when handling the autoupgrade.asp parameter, which can be exploited using a specially crafted POST request.

Recommendations For D-Link DIR-825 G1, as a temporary workaround, consider restricting access to the autoupgrade.asp parameter to minimize the risk of exploitation. Avoid using the autoupgrade.asp parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.