D-Link DIR-823G
cpe:2.3:h:d-link:dir-823g:*:*:*:*:*:*:*
- A1V1.0.2B05
A NULL pointer dereference vulnerability has been identified in the D-Link DIR-823G A1 v1.0.2B05 wireless router. It allows remote attackers to cause a denial-of-service condition by sending crafted HTTP requests. The issue is in the SetWLanRadioSettings function, which does not validate the RadioID element for NULL before processing it; the resulting dereference causes the device to become unresponsive.
Exploitation of this vulnerability causes a denial-of-service condition, where the device becomes unresponsive or unavailable.
The vulnerability can be reproduced by sending an HTTP request to the '/HNAP1/' endpoint with the action 'SetWLanRadioSettings'. The request must omit the 'RadioID' element, which leads to the NULL pointer dereference. This can be automated with a Python script that sends the malformed request, as demonstrated in the proof-of-concept available on GitHub.
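A defensive check for the request shape described above, as an added example that is not part of the advisory or of D-Link's code: it classifies an HTTP request body sent to '/HNAP1/' and flags a SetWLanRadioSettings action that has no RadioID child, as a filtering proxy or log-review script in front of the router could. The function name, the return labels, the envelope layout and the `Enabled` sibling element are assumptions, and the sample bodies are constructed.

```python
import xml.etree.ElementTree as ET

ACTION = "SetWLanRadioSettings"   # HNAP action named in the advisory
REQUIRED = "RadioID"              # element the advisory says is not NULL-checked


def _local(tag):
    """Strip an XML namespace prefix: '{ns}Name' -> 'Name'."""
    return tag.rsplit("}", 1)[-1]


def classify_hnap_request(path, body):
    """Return 'ignore', 'ok', 'missing-radioid' or 'unparseable' (hypothetical labels)."""
    if not path.rstrip("/").upper().endswith("/HNAP1"):
        return "ignore"
    # Refuse DTDs so the inspector itself cannot be hit with entity expansion.
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        return "unparseable"
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return "unparseable"
    for elem in root.iter():
        if _local(elem.tag) == ACTION:
            has_id = any(_local(child.tag) == REQUIRED for child in elem)
            return "ok" if has_id else "missing-radioid"
    return "ignore"  # some other HNAP action


def _soap(inner):
    """Build a constructed sample envelope (not captured traffic)."""
    return ("<Envelope><Body>" + inner + "</Body></Envelope>").encode()


# Constructed samples; element values are placeholders.
SAMPLE_OK = _soap("<SetWLanRadioSettings><RadioID>RADIO_PLACEHOLDER</RadioID>"
                  "<Enabled>true</Enabled></SetWLanRadioSettings>")
SAMPLE_MISSING = _soap("<SetWLanRadioSettings><Enabled>true</Enabled>"
                       "</SetWLanRadioSettings>")

if __name__ == "__main__":
    for name, body in (("ok", SAMPLE_OK), ("missing", SAMPLE_MISSING)):
        print(name, "->", classify_hnap_request("/HNAP1/", body))
```

Requests classified as 'missing-radioid' or 'unparseable' are the ones to drop or alert on before they reach the device.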