CVE-2024-10916

Name of the Vulnerable Software and Affected Versions D-Link DNS-320 versions up to 20241028 D-Link DNS-320LW versions up to 20241028 D-Link DNS-325 versions up to 20241028 D-Link DNS-340L versions up to 20241028

Description The issue is related to insufficient protection of service data in the /xml/info.xml file of the HTTP GET Request Handler component in D-Link DNS devices. This can be exploited by a remote attacker to disclose confidential information. The manipulation leads to information disclosure and can be initiated remotely.

Recommendations For D-Link DNS-320 versions up to 20241028, consider restricting access to the /xml/info.xml file until a patch is available. For D-Link DNS-320LW versions up to 20241028, consider restricting access to the /xml/info.xml file until a patch is available. For D-Link DNS-325 versions up to 20241028, consider restricting access to the /xml/info.xml file until a patch is available. For D-Link DNS-340L versions up to 20241028, consider restricting access to the /xml/info.xml file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.