PT-2024-10145 · D Link · D-Link Dir-816 A2

Yhryhryhr_Tu · Published 2024-12-30 · Updated 2025-01-02 · CVE-2024-13108

CVSS v4.0

6.9 Medium

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

D-Link DIR-816 A2 version 1.10CNB05 R1B011D88210

Description

A critical issue is present in the D-Link DIR-816 A2, related to inadequate access controls in the /goform/form2NetSniper.cgi file. This can be exploited remotely by sending a specially crafted HTTP POST request, potentially allowing an attacker to gain unauthorized access to protected information. The exploit has been disclosed publicly.

Recommendations

For D-Link DIR-816 A2 version 1.10CNB05 R1B011D88210, consider disabling access to the /goform/form2NetSniper.cgi file as a temporary workaround until a patch is available. Restrict access to this file to minimize the risk of exploitation. Avoid using this file in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

Improper Access Control
Incorrect Privilege Assignment

Related Identifiers

BDU:2025-00426
CVE-2024-13108

Affected Products

D-Link Dir-816 A2