PT-2025-2001 · D Link · D-Link Dir-816 A2
Yhryhryhr
·
Published
2024-12-30
·
Updated
2025-05-02
·
CVE-2024-13102
Yhryhryhr
·
Published
2024-12-30
·
Updated
2025-05-02
·
CVE-2024-13102
6.9
Medium
| Base vector | Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions:
D-Link DIR-816 A2 version 1.10CNB05 R1B011D88210
Description:
A critical issue affects the unknown code of the file /goform/DDNS of the DDNS Service component, leading to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Recommendations:
For D-Link DIR-816 A2 version 1.10CNB05 R1B011D88210, as a temporary workaround, consider disabling the access to the /goform/DDNS file until a patch is available. Restrict access to the DDNS Service component to minimize the risk of exploitation. Avoid using the DDNS Service until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.
Exploit
Fix
Incorrect Privilege Assignment
Improper Access Control