PT-2023-3639 · D Link · D-Link Dir-823G

Published: 2023-06-28 · Updated: 2023-07-05 · CVE-2023-26615

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions: D-Link DIR-823G firmware version 1.02B05

Description: The issue is a password reset vulnerability in the D-Link DIR-823G firmware, which stems from errors in the password recovery mechanism. Remote attackers can exploit it to gain unauthorized access to protected information by resetting the password. The vulnerability originates from the "SetMultipleActions API", which allows attackers to reset the web management page password.

Recommendations: For D-Link DIR-823G firmware version 1.02B05, as a temporary workaround, consider restricting access to the SetMultipleActions API until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

BDU:2023-03923
CVE-2023-26615

Affected Products

D-Link Dir-823G