Improper Access Control in D-Link DIR-816 Router
CVE-2024-13107

6.9MEDIUM

Key Information:

Vendor: D-link
Status: Dir-816 A2
Vendor: CVE Published:; 2 January 2025

Badges

👾 Exploit Exists

What is CVE-2024-13107?

A vulnerability has been identified in the D-Link DIR-816 A2 router that allows for the potential exploitation of access controls through the component ACL Handler, particularly the file /goform/form2LocalAclEditcfg.cgi. This vulnerability could permit unauthorized remote access, compromising the integrity and security of the device. An exploit has been publicly disclosed, raising awareness about the possible risks involved. Users are encouraged to review their configurations and apply necessary security measures to safeguard their networks.

Affected Version(s)

DIR-816 A2 1.10CNB05_R1B011D88210

References

https://vuldb.com/?id.289923

vdb-entry

https://vuldb.com/?ctiid.289923

signaturepermissions-required

https://vuldb.com/?submit.472087

third-party-advisory

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Jan 2, 2025
Vulnerability published
Jan 2, 2025
Vulnerability Reserved
Jan 1, 2025

Credit

wxhwxhwxh_tutu (VulDB User)

D-link

Badges

What is CVE-2024-13107?

Affected Version(s)

References

CVSS V4

Timeline

Credit