PT-2024-4653 · D Link · D-Link Dir-1950
Jjy470742953 · Published 2024-05-30 · Updated 2025-07-09 · CVE-2024-36755
CVSS v2.0: 7.6 (High)
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: D-Link DIR-1950, versions up to v1.11B03
Description: The device does not validate the server's SSL certificate when it requests the latest firmware version and the firmware download URL. This allows an attacker to perform a man-in-the-middle (MITM) attack, potentially downgrading the firmware version or changing the download URL. The vulnerability stems from errors in the certificate authentication step of the update procedure, which a remote attacker can exploit to mount a man-in-the-middle attack.
Recommendations: For D-Link DIR-1950 versions up to v1.11B03, consider disabling automatic firmware updates until a patch is available, to prevent potential exploitation. Restrict access to the device's update mechanism to minimize the risk of a man-in-the-middle attack. Avoid updating the firmware over unsecured networks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
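The weakness described above is the update client trusting whatever server answers the version and download-URL request. The following is an added example, not D-Link's code and not the DIR-1950's update format: it shows the TLS configuration that reproduces the defect beside a hardened one, and a manifest check that refuses a downgrade, a non-HTTPS or unexpected download host, and an image whose hash does not match. The version scheme (modelled on "v1.11B03"), the host `update.example.test`, the JSON manifest fields and the sample image are all assumptions constructed for the example.

```python
import hashlib
import json
import re
import ssl
from urllib.parse import urlparse

# Assumed version scheme, modelled on the advisory's "v1.11B03": major.minor,
# a release letter, then a build number. Not D-Link's documented format.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)([A-Za-z])(\d+)$")

# Hypothetical update host; the advisory does not name the real update server.
ALLOWED_UPDATE_HOSTS = {"update.example.test"}


def parse_version(text):
    """Turn 'v1.11B03' into a comparable tuple (1, 11, 'B', 3); None if malformed."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, letter, build = m.groups()
    return (int(major), int(minor), letter.upper(), int(build))


def is_downgrade(current, offered):
    """True when the offered version is older than the one already installed."""
    return parse_version(offered) < parse_version(current)


def insecure_context():
    """The defect the advisory describes: certificate and hostname checks switched off,
    so any on-path party can present its own certificate and the client accepts it."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def secure_context(ca_bundle=None):
    """Hardened client context: CA-verified chain, hostname match, TLS 1.2 or newer.
    ca_bundle may pin the vendor's own CA instead of the system store."""
    ctx = ssl.create_default_context(cafile=ca_bundle)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def validate_manifest(manifest_json, installed_version):
    """Check a version/URL manifest before anything is downloaded.
    Returns a list of problems; an empty list means the manifest is acceptable."""
    problems = []
    try:
        m = json.loads(manifest_json)
    except ValueError:
        return ["manifest is not valid JSON"]

    version = m.get("version", "")
    if parse_version(version) is None:
        problems.append("unparseable version")
    elif is_downgrade(installed_version, version):
        problems.append("downgrade: offered %s is older than installed %s"
                        % (version, installed_version))

    url = urlparse(m.get("url", ""))
    if url.scheme != "https":
        problems.append("download URL is not https")
    if url.hostname not in ALLOWED_UPDATE_HOSTS:
        problems.append("download host %r is not an allowed update host" % url.hostname)

    digest = m.get("sha256", "")
    if not re.fullmatch(r"[0-9a-fA-F]{64}", digest):
        problems.append("missing or malformed sha256")
    return problems


def image_matches_manifest(image_bytes, manifest_json):
    """After download: the image must hash to the digest the verified manifest promised."""
    expected = json.loads(manifest_json)["sha256"].lower()
    return hashlib.sha256(image_bytes).hexdigest() == expected


# Constructed sample data (not real firmware, not a real D-Link manifest format).
SAMPLE_IMAGE = b"constructed firmware image bytes"
GOOD_MANIFEST = json.dumps({
    "version": "v1.12B01",
    "url": "https://update.example.test/dir1950/fw.bin",
    "sha256": hashlib.sha256(SAMPLE_IMAGE).hexdigest(),
})
DOWNGRADE_MANIFEST = json.dumps({
    "version": "v1.10B02",
    "url": "https://update.example.test/dir1950/fw.bin",
    "sha256": hashlib.sha256(SAMPLE_IMAGE).hexdigest(),
})
REDIRECTED_MANIFEST = json.dumps({
    "version": "v1.12B01",
    "url": "http://mirror.example.test/fw.bin",
    "sha256": "",
})

if __name__ == "__main__":
    for name, mf in (("good", GOOD_MANIFEST), ("downgrade", DOWNGRADE_MANIFEST),
                     ("redirected", REDIRECTED_MANIFEST)):
        print(name, validate_manifest(mf, "v1.11B03") or "ok")
    print("image ok:", image_matches_manifest(SAMPLE_IMAGE, GOOD_MANIFEST))
```

The manifest checks are deliberately independent of TLS: even with `secure_context()` in place, a compromised or misconfigured update server should not be able to push an older image or redirect the download elsewhere, so the client enforces the version floor and host allowlist itself and only installs an image whose hash matches the manifest it already validated.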

Weakness Enumeration

Improper Certificate Validation

Related Identifiers

BDU:2024-05161
CVE-2024-36755

Affected Products

D-Link Dir-1950