Several web interfaces in D-Link DIR-868LW 1.12b have no authentication requirements for access, allowing for attackers to obtain users' DNS query history.
https://www.dlink.com/en/security-bulletin/
https://github.com/jayus0821/uai-poc/blob/main/D-Link/DIR-868L/webaccess_UAI.md