Access Control Issues in D-Link 816A2 Firmware
CVE-2024-57681

Currently unrated

Key Information:

Vendor: D-Link
Status: D-Link 816A2 Firmware
Vendor: CVE Published:; 16 January 2025

Summary

An access control vulnerability exists in the D-Link 816A2 device's firmware, specifically in the form2alg.cgi component. This flaw allows unauthenticated users to manipulate the agl service of the device by sending specially crafted POST requests. If successfully exploited, this could lead to unauthorized changes to device settings and compromise the security of the network it’s connected to. It is crucial for users to apply the necessary patches and follow security best practices to mitigate the risks associated with this vulnerability.

References

https://www.dlink.com/en/security-bulletin/

https://github.com/abcdefg-png/IoT-vulnerable/blob/main/U...

Timeline

Vulnerability published
Jan 16, 2025
Vulnerability Reserved
Jan 9, 2025