Sign-up

ID

VAR-202501-0054


CVE

CVE-2024-13105


TITLE

D-Link DIR-816 A2 /goform/form2Dhcpd.cgi Access Control Error Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-02163

DESCRIPTION

A vulnerability has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/form2Dhcpd.cgi of the component DHCPD Setting Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. D-Link DIR-816 A2 is a wireless router from D-Link of China. Attackers can use this vulnerability to set up the dhcp service of the device

Trust: 1.44

sources: NVD: CVE-2024-13105 // CNVD: CNVD-2025-02163

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-02163

AFFECTED PRODUCTS

vendor:d linkmodel:dir-816 a2 1.10cnb05 r1b011d88210scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-02163

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2024-13105
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2025-02163
value: MEDIUM

Trust: 0.6

cna@vuldb.com: CVE-2024-13105
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2025-02163
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2024-13105
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-02163 // NVD: CVE-2024-13105

PROBLEMTYPE DATA

problemtype:CWE-266

Trust: 1.0

problemtype:CWE-284

Trust: 1.0

sources: NVD: CVE-2024-13105

EXTERNAL IDS

db:NVDid:CVE-2024-13105

Trust: 1.6

db:VULDBid:289921

Trust: 1.0

db:CNVDid:CNVD-2025-02163

Trust: 0.6

sources: CNVD: CNVD-2025-02163 // NVD: CVE-2024-13105

REFERENCES

url:https://vuldb.com/?submit.472085

Trust: 1.0

url:https://vuldb.com/?ctiid.289921

Trust: 1.0

url:https://vuldb.com/?id.289921

Trust: 1.0

url:https://www.dlink.com/

Trust: 1.0

url:https://github.com/abcdefg-png/iot-vulnerable/blob/main/unauthorized_vulnerability/d-link/dir-816/form2dhcpd.md

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2024-13105

Trust: 0.6

sources: CNVD: CNVD-2025-02163 // NVD: CVE-2024-13105

SOURCES

db:CNVDid:CNVD-2025-02163
db:NVDid:CVE-2024-13105

LAST UPDATE DATE

2025-01-25T22:56:49.879000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-02163date:2025-01-22T00:00:00
db:NVDid:CVE-2024-13105date:2025-01-02T18:15:17.027

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-02163date:2025-01-17T00:00:00
db:NVDid:CVE-2024-13105date:2025-01-02T11:15:07.547