Details of VAR-202501-0024

ID

VAR-202501-0024

CVE

CVE-2024-13106

TITLE

D-Link DIR-816 A2 /goform/form2IPQoSTcAdd Access Control Error Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-02164

DESCRIPTION

A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 and classified as critical. Affected by this issue is some unknown functionality of the file /goform/form2IPQoSTcAdd of the component IP QoS Handler. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. D-Link DIR-816 A2 is a wireless router from D-Link of China. Attackers can exploit this vulnerability to set the QoS settings of the device

Trust: 1.44

sources: NVD: CVE-2024-13106 // CNVD: CNVD-2025-02164

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-02164

AFFECTED PRODUCTS

vendor:

d link

model:

dir-816 a2 1.10cnb05 r1b011d88210

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2025-02164

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2024-13106
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2025-02164
value:	MEDIUM
Trust: 0.6

cna@vuldb.com:	CVE-2024-13106
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2025-02164
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2024-13106
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-02164 // NVD: CVE-2024-13106

PROBLEMTYPE DATA

problemtype:	CWE-266	Trust: 1.0
problemtype:	CWE-284	Trust: 1.0

sources: NVD: CVE-2024-13106

EXTERNAL IDS

db:	NVD	id:	CVE-2024-13106	Trust: 1.6
db:	VULDB	id:	289922	Trust: 1.0
db:	CNVD	id:	CNVD-2025-02164	Trust: 0.6

sources: CNVD: CNVD-2025-02164 // NVD: CVE-2024-13106

REFERENCES

url:	https://github.com/abcdefg-png/iot-vulnerable/blob/main/unauthorized_vulnerability/d-link/dir-816/form2ipqostcadd.md	Trust: 1.0
url:	https://vuldb.com/?id.289922	Trust: 1.0
url:	https://vuldb.com/?ctiid.289922	Trust: 1.0
url:	https://vuldb.com/?submit.472086	Trust: 1.0
url:	https://www.dlink.com/	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2024-13106	Trust: 0.6

sources: CNVD: CNVD-2025-02164 // NVD: CVE-2024-13106

SOURCES

db:	CNVD	id:	CNVD-2025-02164
db:	NVD	id:	CVE-2024-13106

LAST UPDATE DATE

2025-01-25T22:50:09.282000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-02164	date:	2025-01-22T00:00:00
db:	NVD	id:	CVE-2024-13106	date:	2025-01-02T18:15:17.167

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-02164	date:	2025-01-17T00:00:00
db:	NVD	id:	CVE-2024-13106	date:	2025-01-02T12:15:16.940