CVE-2024-33113

Name of the Vulnerable Software and Affected Versions D-LINK DIR-845L versions <=v1.01KRb03

Description The issue is related to insufficient protection of internal data when handling the file parameter, potentially allowing a remote attacker to gain unauthorized access to protected information. The vulnerability can be exploited through the bsc sms inbox.php file by manipulating the include() function and the $file variable, which may enable attackers to include arbitrary PHP scripts and retrieve sensitive information, such as the router's username and password.

Recommendations For D-LINK DIR-845L versions <=v1.01KRb03, consider disabling access to the bsc sms inbox.php file until a patch is available. Restrict the use of the $file variable in the affected PHP scripts to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.