PT-2025-3538 · D Link · D-Link Dir-816 A2
Published: 2024-12-30 · Updated: 2025-02-03 · CVE-2024-57681
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
D-Link 816A2 FWv1.10CNB05 R1B011D88210
Description
An access control issue in the form2alg.cgi component of D-Link 816A2 FWv1.10CNB05 R1B011D88210 allows unauthenticated attackers to set the agl service of the device via a crafted HTTP POST request to the "form2alg.cgi" endpoint. This issue is related to insufficient access control in the form2alg.cgi script of the D-Link DIR-816A2 router's firmware.
Recommendations
As a temporary workaround, consider disabling the form2alg.cgi component until a patch is available.
Restrict access to the form2alg.cgi endpoint to minimize the risk of exploitation.
Avoid using the agl service in the affected device until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Incorrect Authorization
Improper Access Control
Affected Products
D-Link Dir-816 A2