PT-2025-3535 · D-Link · D-Link 816

Published 2024-12-30 · Updated 2025-02-03 · CVE-2024-57677

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

D-Link 816A2 FWv1.10CNB05 R1B011D88210

Description

An access control issue in the form2Wan.cgi component of D-Link devices allows unauthenticated attackers to configure the device's WAN service via a crafted POST request to the "form2Wan.cgi" endpoint. The issue is one of insufficient access control, which a remote attacker can exploit with a specially crafted HTTP POST request.

Recommendations

For D-Link 816A2 FWv1.10CNB05 R1B011D88210, as a temporary workaround, consider disabling the form2Wan.cgi component until a patch is available. Restrict access to the form2Wan.cgi endpoint to minimize the risk of exploitation. Avoid using the form2Wan.cgi endpoint in the device's configuration until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
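One way to check whether the restriction recommended above is holding, as an added example that is not part of the original advisory: it flags POST requests to form2Wan.cgi that come from outside an allow-list of management networks. The log source and format (combined-format lines from a proxy or sensor in front of the device), the sample lines, the request paths and the 192.168.0.0/24 management network are all constructed assumptions.

```python
import ipaddress
import re

# Assumption: combined-format access log lines from a reverse proxy or network
# sensor in front of the router's web interface (the advisory names no log source).
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
ENDPOINT = "form2wan.cgi"  # endpoint from the advisory, compared case-insensitively


def is_wan_config_post(method, target):
    """True for a POST whose path ends in form2Wan.cgi, in any directory."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    return method == "POST" and path.rsplit("/", 1)[-1].lower() == ENDPOINT


def find_suspect_requests(lines, admin_networks):
    """Return (source, timestamp, status) for matching POSTs from outside admin_networks."""
    allowed = [ipaddress.ip_network(n) for n in admin_networks]
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_wan_config_post(m["method"], m["target"]):
            continue
        try:
            trusted = any(ipaddress.ip_address(m["src"]) in net for net in allowed)
        except ValueError:
            trusted = False  # source is not an IP literal: report rather than skip
        if not trusted:
            hits.append((m["src"], m["ts"], int(m["status"])))
    return hits


# Constructed sample lines: documentation address ranges, hypothetical paths.
SAMPLE = [
    '192.168.0.10 - - [03/Feb/2025:10:00:01 +0000] "POST /form2Wan.cgi HTTP/1.1" 200 112',
    '203.0.113.7 - - [03/Feb/2025:10:00:02 +0000] "POST /form2Wan.cgi HTTP/1.1" 200 112',
    '203.0.113.7 - - [03/Feb/2025:10:00:03 +0000] "GET /form2Wan.cgi HTTP/1.1" 200 512',
    '198.51.100.23 - - [03/Feb/2025:10:00:04 +0000] "POST /x/Form2WAN.cgi?a=1 HTTP/1.1" 302 0',
    '203.0.113.9 - - [03/Feb/2025:10:00:05 +0000] "POST /form2Wan.cgi.bak HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for src, ts, status in find_suspect_requests(SAMPLE, ["192.168.0.0/24"]):
        print(f"ALERT form2Wan.cgi POST from {src} at {ts} (HTTP {status})")
```

A hit with a 2xx or 3xx status from an address outside the management networks means the endpoint is still reachable from there and the device's WAN settings should be reviewed.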

Weakness Enumeration

Incorrect Authorization

Improper Access Control

Related Identifiers

BDU:2025-01515
CVE-2024-57677

Affected Products

D-Link 816