Vulnerability ResearchMay 23, 2026
Unauthenticated Path Traversal in DIR_825AC_G1A_EU - End-of-Life Device, Unpatched
An unauthenticated path traversal in the end-of-life D-Link DIR-825AC turns the web server's /concat endpoint into an arbitrary file read - exposing /etc/passwd and router configuration with no credentials required. From dev-tools discovery to root cause in the reverse-engineered MIPS anweb binary.
Read more →