Information Disclosure Vulnerability in D-Link 816A2 Firmware
CVE-2024-57682

6.5MEDIUM

Key Information:

Vendor: D-Link
Status: D-Link 816A2 Firmware
Vendor: CVE Published:; 16 January 2025

Summary

An information disclosure vulnerability exists in the d_status.asp component of the D-Link 816A2 firmware, allowing unauthorized attackers to glean sensitive information. This vulnerability is exploited through a specially crafted POST request, posing risks to users who may unknowingly expose critical data. It is crucial for users of the affected firmware to implement necessary safeguards and monitor for updates that mitigate this type of exploitation.

References

https://www.dlink.com/en/security-bulletin/

https://github.com/abcdefg-png/IoT-vulnerable/blob/main/U...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 16, 2025
Vulnerability Reserved
Jan 9, 2025