PT-2024-8829 · D Link+1 · D-Link Dwr 2000M+1

Mrnmap +3 · Published 2024-11-10 · Updated 2024-11-22 · CVE-2024-28730

CVSS v2.0: 7.2 High
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: D-Link DWR 2000M versions prior to the fixed version (DLink DWR 2000M 5G CPE With Wifi 6 Ax1800, version DWR-2000M 1.34ME)
Description: The issue exists due to the lack of protection for the web page structure in the VPN configuration module's file upload function. This allows an attacker to conduct cross-site scripting attacks by uploading a specially crafted OpenVPN configuration file (.ovpn). A local attacker can obtain sensitive information via the file upload feature of the VPN configuration module.
Recommendations: For D-Link DWR 2000M versions prior to the fixed version, consider disabling the file upload feature of the VPN configuration module until a patch is available. For DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 version DWR-2000M 1.34ME, restrict access to the VPN configuration module to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2024-10465
CVE-2024-28730

Affected Products

D-Link Dwr 2000M
Openvpn