CVE-2023-51989

Name of the Vulnerable Software and Affected Versions D-Link DIR-822+ version 1.0.2

Description The issue is related to a login bypass in the HNAP1 interface, which allows attackers to log in to administrator accounts with empty passwords. This is due to the lack of authentication for a critical function in the D-Link DIR-822 router's firmware. Exploitation of this issue may allow a remote attacker to enter administrator accounts with empty passwords.

Recommendations For D-Link DIR-822+ version 1.0.2, consider disabling the HNAP1 interface until a patch is available to prevent potential login bypass attacks. Restrict access to administrator accounts to minimize the risk of exploitation. Avoid using empty passwords for administrator accounts until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.