vendor:
DIR-817LW Wireless AC750 Dual Band Cloud Router
by:
Samuel Huntley
7.5
CVSS
HIGH
Buffer overflow and Command injection
119, 77, 78
CWE
Product Name: DIR-817LW Wireless AC750 Dual Band Cloud Router
Affected Version From: DIR-815 firmware
Affected Version To: Unknown
Patch Exists: YES
Related CWE:
CPE: h:d-link:dir-817lw
Platforms Tested:
2020
DIR-817LW Buffer overflows and Command injection in authentication and HNAP functionalities
Three security issues in DIR-815 firmware allow an unauthenticated attacker to exploit command injection and buffer overflows in authentication and HNAP functionality. The attacker can be on the wireless LAN or WAN if the management interface is exposed to attack directly or using XSRF if not exposed.
Mitigation:
The vendor has fixed the issues and released firmware updates. Users are advised to update their router firmware to the latest version.