Access Control Issue in D-Link Router Products
CVE-2024-57683

Currently unrated

Key Information:

Vendor: D-Link
Status: D-Link 816A2
Vendor: CVE Published:; 16 January 2025

Summary

An access control vulnerability in the 'websURLFilterAddDel' component of D-Link 816A2 devices allows unauthenticated attackers to exploit the device settings. By sending a manipulated POST request, attackers can alter filter settings without proper authorization, posing significant risks to device security and network integrity.

References

https://www.dlink.com/en/security-bulletin/

https://github.com/abcdefg-png/IoT-vulnerable/blob/main/U...

Timeline

Vulnerability published
Jan 16, 2025
Vulnerability Reserved
Jan 9, 2025