Access Control Vulnerability in D-Link DIR-816 Router
CVE-2024-57677

Currently unrated

Key Information:

Vendor: D-Link
Status: DIR-816
Vendor: CVE Published:; 16 January 2025

Summary

An access control issue in the form2Wan.cgi component of the D-Link DIR-816 router enables unauthenticated attackers to manipulate the WAN service settings through specially crafted POST requests. This vulnerability can lead to unauthorized control over the device's network configuration, potentially compromising the security of the network. Users of this router version are advised to apply security updates and implement proper security measures.

References

https://www.dlink.com/en/security-bulletin/

https://github.com/abcdefg-png/IoT-vulnerable/blob/main/U...

Timeline

Vulnerability published
Jan 16, 2025
Vulnerability Reserved
Jan 9, 2025