Access Control Issues in D-Link 816A2 Firmware
CVE-2024-57681

5.3MEDIUM

Key Information:

Vendor: D-Link
Status: D-Link 816A2 Firmware
Vendor: CVE Published:; 16 January 2025

What is CVE-2024-57681?

An access control vulnerability exists in the D-Link 816A2 device's firmware, specifically in the form2alg.cgi component. This flaw allows unauthenticated users to manipulate the agl service of the device by sending specially crafted POST requests. If successfully exploited, this could lead to unauthorized changes to device settings and compromise the security of the network it’s connected to. It is crucial for users to apply the necessary patches and follow security best practices to mitigate the risks associated with this vulnerability.

References

https://www.dlink.com/en/security-bulletin/

https://github.com/abcdefg-png/IoT-vulnerable/blob/main/U...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 16, 2025
Vulnerability Reserved
Jan 9, 2025