CVE-2024-57678

Name of the Vulnerable Software and Affected Versions D-Link DIR-816A2 versions 1.10CNB05 R1B011D88210

Description The issue is related to an access control problem in the form2WlAc.cgi component, allowing unauthenticated attackers to set the 2.4G and 5G mac access control list of the device via a crafted POST request to the "form2WlAc.cgi" endpoint, using variables such as mac access control list. This can be achieved by sending a specially crafted HTTP POST request.

Recommendations For version 1.10CNB05 R1B011D88210, as a temporary workaround, consider disabling the form2WlAc.cgi component until a patch is available. Restrict access to the form2WlAc.cgi endpoint to minimize the risk of exploitation. Avoid using the mac access control list variables in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.