PT-2025-42929 · D-Link · Dir-820

Published 2025-10-20 · Updated 2025-10-22 · CVE-2025-52079

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

D-Link DIR-820L version 1.06B02

Description

The administrator password setting has improper access control, allowing for unverified password changes via a crafted POST request to the /get_set.ccp API endpoint. The request exploits a flaw in how the device handles password modifications. The vulnerable parameter is not explicitly specified.

Recommendations

Apply a patch or update to a newer version that addresses this improper access control issue. As a temporary workaround, restrict access to the /get_set.ccp API endpoint.

Exploit

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2025-13367
CVE-2025-52079

Affected Products

Dir-820