CVE-2024-57684

Name of the Vulnerable Software and Affected Versions D-Link 816A2 FWv1.10CNB05 R1B011D88210

Description The issue is related to an access control problem in the formDMZ.cgi component, which allows unauthenticated attackers to configure the DMZ service of the device through a crafted POST request. This can potentially enable remote attackers to execute arbitrary code using a specially crafted HTTP POST request.

Recommendations For D-Link 816A2 FWv1.10CNB05 R1B011D88210, as a temporary workaround, consider disabling the formDMZ.cgi component until a patch is available. Restrict access to the DMZ service to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.