Perma-Vuln: D-Link DIR-859, CVE-2024-0769

GreyNoise observed active exploitation of CVE-2024-0769, a path-traversal information-disclosure vulnerability in D-Link DIR-859 routers (all revisions; product is EOL and will not be patched). The report documents the vulnerable hedwig.cgi -> fatlady.php handling, provides a sample POST request used in the wild, demonstrates exfiltration of DEVICE.ACCOUNT (usernames, passwords, groups, descriptions), and lists many other getcfg files that attackers can target, highlighting a long-lived risk for internet-facing devices.