ID

VAR-202501-0033


CVE

CVE-2024-13103


TITLE

D-Link DIR-816 A2 /goform/form2AddVrtsrv.cgi Access Control Error Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-01700

DESCRIPTION

A vulnerability, which was classified as critical, has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. This issue affects some unknown processing of the file /goform/form2AddVrtsrv.cgi of the component Virtual Service Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. D-Link DIR-816 is a wireless router from D-Link of China. Attackers can use this vulnerability to set up virtual services on the device.

Trust: 1.44

sources: NVD: CVE-2024-13103 // CNVD: CNVD-2025-01700

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-01700

AFFECTED PRODUCTS

vendor: d link
model: dir-816 a2 1.10cnb05 r1b011d88210
scope: -
version: -

Trust: 0.6

sources: CNVD: CNVD-2025-01700

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2024-13103
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2025-01700
value: MEDIUM

Trust: 0.6

cna@vuldb.com: CVE-2024-13103
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2025-01700
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2024-13103
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-01700 // NVD: CVE-2024-13103

PROBLEMTYPE DATA

problemtype: CWE-266

Trust: 1.0

problemtype: CWE-284

Trust: 1.0

sources: NVD: CVE-2024-13103

EXTERNAL IDS

db: NVD id: CVE-2024-13103

Trust: 1.6

db: VULDB id: 289919

Trust: 1.0

db: CNVD id: CNVD-2025-01700

Trust: 0.6

sources: CNVD: CNVD-2025-01700 // NVD: CVE-2024-13103

REFERENCES

url: https://vuldb.com/?id.289919

Trust: 1.0

url: https://vuldb.com/?submit.472075

Trust: 1.0

url: https://www.dlink.com/

Trust: 1.0

url: https://github.com/abcdefg-png/iot-vulnerable/blob/main/unauthorized_vulnerability/d-link/dir-816/form2addvrtsrv.md

Trust: 1.0

url: https://vuldb.com/?ctiid.289919

Trust: 1.0

url: https://nvd.nist.gov/vuln/detail/cve-2024-13103

Trust: 0.6

sources: CNVD: CNVD-2025-01700 // NVD: CVE-2024-13103

SOURCES

db: CNVD id: CNVD-2025-01700
db: NVD id: CVE-2024-13103

LAST UPDATE DATE

2025-01-19T23:20:28.443000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2025-01700 date: 2025-01-17T00:00:00
db: NVD id: CVE-2024-13103 date: 2025-01-02T18:15:16.747

SOURCES RELEASE DATE

db: CNVD id: CNVD-2025-01700 date: 2025-01-17T00:00:00
db: NVD id: CVE-2024-13103 date: 2025-01-02T10:15:06.690