CVE-2025-1103

Name of the Vulnerable Software and Affected Versions D-Link DIR-823X versions 240126 through 240802

Description A problematic issue was found in the HTTP POST Request Handler component, specifically affecting the set wifi blacklists function of the /goform/set wifi blacklists file. The manipulation of the macList argument leads to a null pointer dereference. This issue can be exploited remotely.

Recommendations For versions 240126 through 240802, as a temporary workaround, consider disabling the set wifi blacklists function until a patch is available. Restrict access to the /goform/set wifi blacklists endpoint to minimize the risk of exploitation. Avoid using the macList argument in the affected HTTP POST Request Handler until the issue is resolved.