PT-2025-3537 · D Link · D-Link Dir-816 A2
Published
2024-12-30
·
Updated
2025-02-03
·
CVE-2024-57679
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
D-Link DIR-816A2 version 1.10CNB05 R1B011D88210
Description
The issue is related to an access control problem in the
form2RepeaterSetup.cgi component, allowing unauthenticated attackers to configure the 2.4G and 5G repeater service of the device via a crafted HTTP POST request to the /form2RepeaterSetup.cgi endpoint. This can potentially allow remote execution of arbitrary code.Recommendations
For D-Link DIR-816A2 version 1.10CNB05 R1B011D88210, as a temporary workaround, consider disabling the
form2RepeaterSetup.cgi component until a patch is available. Restrict access to the /form2RepeaterSetup.cgi endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Incorrect Authorization
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
D-Link Dir-816 A2