D-Link DIR-825 Rev B <= 2.10b02 NULL Pointer Dereference Vulnerability CVE-2021-29296
- CVSSv3 Score
- Vulnerability description
D-Link DIR-825 Rev. B devices are prone to a NULL pointer dereference vulnerability.
- Risk description
The vulnerability could be triggered by sending HTTP request with URL /vct_wan. Thus, the sbin/httpd would invoke the strchr function and take NULL as a first argument, which finally leads to the segmentation fault. The vulnerability could let a remote malicious user cause a denial of service.
No solution was made available by the vendor. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. The DIR-825 revision B model has entered the end-of-life process by the time these vulnerabilities were disclosed and therefore the vendor is unable to provide support or development to mitigate them.
- Not available