CVE-2024-57680

Name of the Vulnerable Software and Affected Versions D-Link DIR-816A2 version 1.10CNB05 R1B011D88210

Description The issue is related to an access control problem in the form2PortriggerRule.cgi component, allowing unauthenticated attackers to set the port trigger of the device via a crafted POST request to the /form2PortriggerRule.cgi endpoint. This can potentially enable remote execution of arbitrary code.

Recommendations For version 1.10CNB05 R1B011D88210, as a temporary workaround, consider disabling the form2PortriggerRule.cgi component until a patch is available. Restrict access to the vulnerable form2PortriggerRule.cgi component to minimize the risk of exploitation. Avoid using the vulnerable endpoint in the affected device until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.