Sign-up

ID

VAR-202501-0010


CVE

CVE-2024-13107


TITLE

D-Link DIR-816 A2 /goform/form2LocalAclEditcfg.cgi Access Control Error Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-02162

DESCRIPTION

A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. It has been classified as critical. This affects an unknown part of the file /goform/form2LocalAclEditcfg.cgi of the component ACL Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. D-Link DIR-816 A2 is a wireless router from D-Link of China. Attackers can exploit this vulnerability to set the local access control list of the device

Trust: 1.44

sources: NVD: CVE-2024-13107 // CNVD: CNVD-2025-02162

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-02162

AFFECTED PRODUCTS

vendor:d linkmodel:dir-816 a2 1.10cnb05 r1b011d88210scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-02162

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2024-13107
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2025-02162
value: MEDIUM

Trust: 0.6

cna@vuldb.com: CVE-2024-13107
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2025-02162
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2024-13107
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-02162 // NVD: CVE-2024-13107

PROBLEMTYPE DATA

problemtype:CWE-266

Trust: 1.0

problemtype:CWE-284

Trust: 1.0

sources: NVD: CVE-2024-13107

EXTERNAL IDS

db:NVDid:CVE-2024-13107

Trust: 1.6

db:VULDBid:289923

Trust: 1.0

db:CNVDid:CNVD-2025-02162

Trust: 0.6

sources: CNVD: CNVD-2025-02162 // NVD: CVE-2024-13107

REFERENCES

url:https://vuldb.com/?ctiid.289923

Trust: 1.0

url:https://vuldb.com/?submit.472087

Trust: 1.0

url:https://vuldb.com/?id.289923

Trust: 1.0

url:https://github.com/abcdefg-png/iot-vulnerable/blob/main/unauthorized_vulnerability/d-link/dir-816/form2localacleditcfg.md

Trust: 1.0

url:https://www.dlink.com/

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2024-13107

Trust: 0.6

sources: CNVD: CNVD-2025-02162 // NVD: CVE-2024-13107

SOURCES

db:CNVDid:CNVD-2025-02162
db:NVDid:CVE-2024-13107

LAST UPDATE DATE

2025-01-25T22:49:40.810000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-02162date:2025-01-22T00:00:00
db:NVDid:CVE-2024-13107date:2025-01-02T18:15:17.310

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-02162date:2025-01-17T00:00:00
db:NVDid:CVE-2024-13107date:2025-01-02T12:15:17.147