CVE-2024-36831

Name of the Vulnerable Software and Affected Versions D-Link DAP-1520 version REVA FIRMWARE 1.10B04 BETA02 HOTFIX

Description A NULL pointer dereference in the plugins call handle uri clean function allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request without authentication. The issue is related to errors in pointer dereference due to incorrect checking of the HTTP request format. Exploitation of the issue may allow a remote attacker to cause a denial of service by sending specially crafted HTTP requests.

Recommendations For D-Link DAP-1520 version REVA FIRMWARE 1.10B04 BETA02 HOTFIX, as a temporary workaround, consider disabling the plugins call handle uri clean function until a patch is available. Restrict access to the vulnerable plugins call handle uri clean function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.