CVE-2024-57683

Name of the Vulnerable Software and Affected Versions D-Link 816A2 FWv1.10CNB05 R1B011D88210

Description The issue is related to an access control problem in the websURLFilterAddDel component, allowing unauthenticated attackers to set the device's filter settings via a crafted POST request. This can be achieved by sending a manipulated HTTP POST request to the device. The vulnerability may allow a remote attacker to execute arbitrary code.

Recommendations For D-Link 816A2 FWv1.10CNB05 R1B011D88210, as a temporary workaround, consider disabling the websURLFilterAddDel component until a patch is available. Restrict access to the vulnerable component to minimize the risk of exploitation. Avoid using the vulnerable API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.