Details of VAR-202501-0004

ID

VAR-202501-0004

CVE

CVE-2024-13104

TITLE

D-Link DIR-816 A2 /goform/form2AdvanceSetup.cgi Access Control Error Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-02165

DESCRIPTION

A vulnerability, which was classified as critical, was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. Affected is an unknown function of the file /goform/form2AdvanceSetup.cgi of the component WiFi Settings Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. D-Link DIR-816 A2 is a wireless router from D-Link of China. Attackers can use this vulnerability to set the device's 2.4G and 5G advanced settings

Trust: 1.44

sources: NVD: CVE-2024-13104 // CNVD: CNVD-2025-02165

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-02165

AFFECTED PRODUCTS

vendor:

d link

model:

dir-816 a2 1.10cnb05 r1b011d88210

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2025-02165

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2024-13104
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2025-02165
value:	MEDIUM
Trust: 0.6

cna@vuldb.com:	CVE-2024-13104
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2025-02165
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2024-13104
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-02165 // NVD: CVE-2024-13104

PROBLEMTYPE DATA

problemtype:	CWE-266	Trust: 1.0
problemtype:	CWE-284	Trust: 1.0

sources: NVD: CVE-2024-13104

EXTERNAL IDS

db:	NVD	id:	CVE-2024-13104	Trust: 1.6
db:	VULDB	id:	289920	Trust: 1.0
db:	CNVD	id:	CNVD-2025-02165	Trust: 0.6

sources: CNVD: CNVD-2025-02165 // NVD: CVE-2024-13104

REFERENCES

url:	https://vuldb.com/?submit.472076	Trust: 1.0
url:	https://vuldb.com/?id.289920	Trust: 1.0
url:	https://vuldb.com/?ctiid.289920	Trust: 1.0
url:	https://www.dlink.com/	Trust: 1.0
url:	https://github.com/abcdefg-png/iot-vulnerable/blob/main/unauthorized_vulnerability/d-link/dir-816/form2advancesetup.md	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2024-13104	Trust: 0.6

sources: CNVD: CNVD-2025-02165 // NVD: CVE-2024-13104

SOURCES

db:	CNVD	id:	CNVD-2025-02165
db:	NVD	id:	CVE-2024-13104

LAST UPDATE DATE

2025-01-25T22:42:35.166000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-02165	date:	2025-01-22T00:00:00
db:	NVD	id:	CVE-2024-13104	date:	2025-01-02T18:15:16.890

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-02165	date:	2025-01-17T00:00:00
db:	NVD	id:	CVE-2024-13104	date:	2025-01-02T11:15:06.500