CVE-2024-44408 identifies a critical information disclosure vulnerability in the D-Link DIR-823G router firmware version 1.0.2B05_20181207. The vulnerability arises because the device improperly restricts access to its configuration files, allowing unauthenticated remote attackers to download these files without any authentication or user interaction. The configuration files contain sensitive information, including user passwords stored in plaintext, which violates basic security best practices. The vulnerability is remotely exploitable over the network (AV:N), requires no privileges (PR:N), no user interaction (UI:N), and affects confidentiality (C:H) without impacting integrity or availability. This flaw is categorized under CWE-200, indicating exposure of sensitive information. The CVSS v3.1 base score is 7.5, reflecting a high severity due to the ease of exploitation and the critical nature of the leaked information. No patches or firmware updates are currently linked, and no known exploits have been reported in the wild, but the risk remains significant given the sensitive data exposure.

The primary impact of this vulnerability is the compromise of confidentiality through unauthorized disclosure of plaintext user passwords stored in the router's configuration files. Attackers who exploit this flaw can gain access to user credentials, potentially allowing them to take control of the router, alter network configurations, intercept or redirect traffic, and launch further attacks on connected devices. This can lead to broader network compromise, data theft, and disruption of services. Since the vulnerability requires no authentication or user interaction, it can be exploited remotely by any attacker with network access to the device, increasing the attack surface. Organizations relying on the affected router model may face increased risk of espionage, data breaches, and loss of network integrity. The absence of known exploits in the wild does not diminish the urgency of addressing this vulnerability due to the sensitive nature of the exposed data.

1. Immediately restrict network access to the D-Link DIR-823G router management interface, ideally limiting it to trusted internal networks or specific IP addresses. 2. Disable remote management features if not required to reduce exposure. 3. Monitor network traffic for unusual requests attempting to download configuration files. 4. Change all router and user passwords after mitigation steps are applied to invalidate any potentially compromised credentials. 5. Contact D-Link support or check official channels regularly for firmware updates or patches addressing this vulnerability. 6. If no patch is available, consider replacing the affected router with a more secure model that follows best security practices for credential storage and access control. 7. Employ network segmentation to isolate critical systems from vulnerable devices. 8. Implement intrusion detection/prevention systems to detect exploitation attempts targeting this vulnerability. 9. Educate users and administrators about the risks of using default or weak credentials and the importance of timely updates.