CVE-2024-13030

Name of the Vulnerable Software and Affected Versions: D-Link DIR-823G version 1.0.2B05 20181207

Description: A critical issue affects the function SetAutoRebootSettings/SetClientInfo/SetDMZSettings/SetFirewallSettings/SetParentsControlInfo/SetQoSSettings/SetVirtualServerSettings of the file /HNAP1/ of the component Web Management Interface, leading to improper access controls. The attack may be initiated remotely. The manipulation can be exploited by sending a specially crafted HTTP POST request. The issue is related to errors in managing privileges.

Recommendations: As a temporary workaround, consider disabling the affected functions SetAutoRebootSettings, SetClientInfo, SetDMZSettings, SetFirewallSettings, SetParentsControlInfo, SetQoSSettings, SetVirtualServerSettings until a patch is available. Restrict access to the vulnerable component Web Management Interface to minimize the risk of exploitation. Avoid using the vulnerable file /HNAP1/ in the Web Management Interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.