CVE-2024-8461

Name of the Vulnerable Software and Affected Versions: D-Link DNS-320 version 2.02b01

Description: The issue is related to the disclosure of information in the /cgi-bin/discovery.cgi file of the Web Management Interface component in the D-Link DNS-320 router's firmware. This can be exploited remotely, allowing an attacker to disclose confidential information. The product is end-of-life and should be retired and replaced.

Recommendations: For D-Link DNS-320 version 2.02b01, consider retiring and replacing the product as it is end-of-life and no longer supported by the maintainer. As a temporary workaround, restrict access to the /cgi-bin/discovery.cgi file in the Web Management Interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.