CVE-2024-36832

Name of the Vulnerable Software and Affected Versions D-Link DAP-1513 version REVA FIRMWARE 1.01

Description A null pointer dereference in the /bin/webs binary of the firmware allows attackers to cause a Denial of Service (DoS) via a crafted web request without authentication. When the /bin/webs binary receives a carefully constructed HTTP request, it crashes and exits due to a null pointer reference, leading to a denial of service attack to the device. The vulnerability is related to errors in pointer dereferencing due to incorrect checking of the HTTP request format.

Recommendations For D-Link DAP-1513 version REVA FIRMWARE 1.01, as a temporary workaround, consider restricting access to the /bin/webs binary to minimize the risk of exploitation. Avoid sending specially crafted HTTP requests to the device until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.