CVE-2024-33110

Name of the Vulnerable Software and Affected Versions D-Link DIR-845L router versions v1.01KRb03 and before

Description The issue is related to a Permission Bypass vulnerability via the getcfg.php component. It is associated with inadequate access control when handling the AUTHORIZED GROUP parameter. Exploitation of this issue may allow a remote attacker to bypass security restrictions and elevate their privileges.

Recommendations For versions v1.01KRb03 and before, as a temporary workaround, consider disabling the getcfg.php component until a patch is available. Restrict access to the getcfg.php component to minimize the risk of exploitation. Avoid using the AUTHORIZED GROUP parameter in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.