Null Pointer Dereference Vulnerability in D-Link DIR-825 Router
CVE-2021-29296
7.5HIGH
What is CVE-2021-29296?
A null pointer dereference vulnerability exists in the D-Link DIR-825 router, specifically in version 2.10b02. This flaw allows a remote attacker to craft a specific HTTP request targeting the URL '/vct_wan', which triggers the device's httpd service to process a null argument in the strchr function. This erroneous action results in a segmentation fault, leading to a denial of service condition. Given that the DIR-825 model has reached its end-of-life status, no patch will be available to rectify this issue.