Access Control Flaw in D-Link Router Models Enabling Unauthorized Configuration
CVE-2024-57679

Currently unrated

Key Information:

Vendor: D-Link

CVE Published: 16 January 2025

Summary

An access control issue in the form2RepeaterSetup.cgi component of D-Link 816A2 firmware allows unauthorized attackers to alter the device's configuration. By sending specially crafted POST requests, these attackers can manipulate the settings for both the 2.4G and 5G repeater services. The vulnerability presents a significant risk because these unauthorized alterations compromise the integrity and security of the device. Users should give this immediate attention and secure their routers against possible exploitation.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
