PT-2024-1241 · D Link · Dvg-N5402G-Il+37

99Iz · Published 2024-01-12 · Updated 2024-05-17 · CVE-2024-0717

CVSS v3.1: 5.3 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

D-Link DAP-1360 versions prior to 20240112
D-Link DIR-300 versions prior to 20240112
D-Link DIR-615 versions prior to 20240112
D-Link DIR-615GF versions prior to 20240112
D-Link DIR-615S versions prior to 20240112
D-Link DIR-615T versions prior to 20240112
D-Link DIR-620 versions prior to 20240112
D-Link DIR-620S versions prior to 20240112
D-Link DIR-806A versions prior to 20240112
D-Link DIR-815 versions prior to 20240112
D-Link DIR-815AC versions prior to 20240112
D-Link DIR-815S versions prior to 20240112
D-Link DIR-816 versions prior to 20240112
D-Link DIR-820 versions prior to 20240112
D-Link DIR-822 versions prior to 20240112
D-Link DIR-825 versions prior to 20240112
D-Link DIR-825AC versions prior to 20240112
D-Link DIR-825ACF versions prior to 20240112
D-Link DIR-825ACG1 versions prior to 20240112
D-Link DIR-841 versions prior to 20240112
D-Link DIR-842 versions prior to 20240112
D-Link DIR-842S versions prior to 20240112
D-Link DIR-843 versions prior to 20240112
D-Link DIR-853 versions prior to 20240112
D-Link DIR-878 versions prior to 20240112
D-Link DIR-882 versions prior to 20240112
D-Link DIR-1210 versions prior to 20240112
D-Link DIR-1260 versions prior to 20240112
D-Link DIR-2150 versions prior to 20240112
D-Link DIR-X1530 versions prior to 20240112
D-Link DIR-X1860 versions prior to 20240112
D-Link DSL-224 versions prior to 20240112
D-Link DSL-245GR versions prior to 20240112
D-Link DSL-2640U versions prior to 20240112
D-Link DSL-2750U versions prior to 20240112
D-Link DSL-G2452GR versions prior to 20240112
D-Link DVG-5402G versions prior to 20240112
D-Link DVG-5402GFRU versions prior to 20240112
D-Link DVG-N5402G versions prior to 20240112
D-Link DVG-N5402G-IL versions prior to 20240112
D-Link DWM-312W versions prior to 20240112
D-Link DWM-321 versions prior to 20240112
D-Link DWR-921 versions prior to 20240112
D-Link DWR-953 versions prior to 20240112
Good Line Router v2 versions prior to 20240112

Description

The issue is related to insufficient protection of service data when handling the area parameter in the devinfo interface of D-Link router firmware. This can be exploited by sending a specially crafted GET request, allowing a remote attacker to gain unauthorized access to protected information. The manipulation of the area argument with the input notice|net|version leads to information disclosure. The attack can be initiated remotely.

Recommendations

For all affected versions, consider disabling the HTTP GET Request Handler for the /devinfo component until a patch is available. Restrict access to the /devinfo endpoint to minimize the risk of exploitation. Avoid using the area parameter in the affected HTTP GET Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
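
To support the recommendation to restrict access to /devinfo, the following added example (not part of the original advisory or any vendor tooling) scans access logs for GET requests to /devinfo that carry the area parameter and flags those arriving from outside an allowlisted management network. It assumes combined-format logs from a reverse proxy or gateway in front of the device; the allowlist, the function names and the sample lines are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: networks allowed to reach the management interface (hypothetical).
ALLOWED_NETS = [ipaddress.ip_network("192.168.0.0/24")]

# Common/combined log format: client, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})\b')

def is_allowed(src):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # an unparseable client field is treated as untrusted
    return any(addr in net for net in ALLOWED_NETS)

def find_devinfo_hits(lines):
    """Return one finding per GET request to /devinfo that has an area parameter."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        url = urlsplit(m["target"])
        # Conservative match: decode the path, ignore case and a trailing slash.
        if unquote(url.path).rstrip("/").lower() != "/devinfo":
            continue
        # parse_qs percent-decodes values, so %7C and a literal "|" look the same.
        areas = parse_qs(url.query, keep_blank_values=True).get("area")
        if areas is None:
            continue
        findings.append({
            "src": m["src"], "time": m["ts"],
            "areas": sorted({a for v in areas for a in v.split("|") if a}),
            "served": m["status"] == "200",         # device answered the request
            "external": not is_allowed(m["src"]),   # outside the allowlist
        })
    return findings

# Constructed sample log lines using documentation address ranges, not real traffic.
SAMPLE = [
    '203.0.113.7 - - [12/Jan/2024:10:01:02 +0000] "GET /devinfo?area=notice|net|version HTTP/1.1" 200 512',
    '198.51.100.9 - - [12/Jan/2024:10:02:10 +0000] "GET /DevInfo/?area=net%7Cversion HTTP/1.1" 403 0',
    '192.168.0.10 - - [12/Jan/2024:10:03:00 +0000] "GET /devinfo?area=version HTTP/1.1" 200 128',
    '203.0.113.7 - - [12/Jan/2024:10:04:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
]
```

Findings with both served and external set are the ones to triage first: the endpoint answered a client that the access restriction should have blocked.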

Exploit

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2024-00634
CVE-2024-0717

Affected Products

Dap-1360
Dir-1210
Dir-1260
Dir-2150
Dir-300
Dir-615
Dir-615Gf
Dir-620
Dir-806
Dir-815
Dir-815Ac
Dir-816
Dir-820
Dir-822
Dir-825
Dir-825Ac
Dir-825Acg1
Dir-841
Dir-842
Dir-843
Dir-853
Dir-878
Dir-882
Dir-X1530
Dir-X1860
Dsl-224
Dsl-245Gr
Dsl-2640U
Dsl-2750U
Dsl-G2452Gr
Dvg-5402G
Dvg-5402Gfru
Dvg-N5402G
Dvg-N5402G-Il
Dwm-312W
Dwm-321
Dwr-921
Dwr-953