- Manufacturer's website information:http://www.dlink.com.cn/
- Firmware download address :http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-823G
DIR823G_V1.0.2B05_20181207
An improper access control vulnerability exists in the web management interface of DIR823G_V1.0.2B05_20181207. By sending a specially crafted unauthenticated HTTP POST request to the /HNAP1/ endpoint with the SOAPAction header set to SetAutoRebootSettings, an attacker can set the auto reboot settings of the device.
