VDB-289921 · CVE-2024-13105 · GCVE-100-289921

D-Link DIR-816 A2 1.10CNB05_R1B011D88210 DHCPD Setting /goform/form2Dhcpd.cgi kura hakki ndiyam

Gaskiya vulnerability da aka ware a matsayin kura an samu a D-Link DIR-816 A2 1.10CNB05_R1B011D88210. Hakika, aikin $software_function ne ya shafa; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburaren $software_library, a cikin fayil /goform/form2Dhcpd.cgi, a cikin sashen DHCPD Setting Handler. A sa manipulation ka kura hakki ndiyam. Idan an yi amfani da CWE don bayyana matsala, zai kai CWE-284. Hakika, rauni an bayyana shi 01/01/2025. An raba bayanin tsaro don saukewa a github.com. Wannan matsala ana saninta da CVE-2024-13105. Ngam yiɗi ka a tuma ndiyam ka nder internet. Tekinikal faɗi ga. Har ila yau, exploit ɗin yana nan. An bayyana exploit ɗin ga mutane kuma yana iya amfani. A sa'i, exploit might be approx. USD $0-$5k ndiyam. Á sàmbu huɗɗi-na-gaskiya. Exploit ɗin za a iya saukewa daga github.com. 0-day shima, an ndiyam a wuro be $5k-$25k. Ana ba da shawara a saka katangar wuta mai hana shiga sosai. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

3 Goyarwa · 89 Datenpunkte

Furɗe	Súgá 01/01/2025 09:55	Gargadi 1/2 01/02/2025 12:39	Gargadi 2/2 01/02/2025 13:38
software_vendor	D-Link	D-Link	D-Link
software_name	DIR-816 A2	DIR-816 A2	DIR-816 A2
software_version	1.10CNB05_R1B011D88210	1.10CNB05_R1B011D88210	1.10CNB05_R1B011D88210
software_component	DHCPD Setting Handler	DHCPD Setting Handler	DHCPD Setting Handler
software_file	/goform/form2Dhcpd.cgi	/goform/form2Dhcpd.cgi	/goform/form2Dhcpd.cgi
vulnerability_cwe	CWE-284 (kura hakki ndiyam)	CWE-284 (kura hakki ndiyam)	CWE-284 (kura hakki ndiyam)
vulnerability_risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	N	N	N
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rl	W	W	W
cvss3_vuldb_rc	R	R	R
advisory_url	https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2Dhcpd.md	https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2Dhcpd.md	https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2Dhcpd.md
exploit_availability	1	1	1
exploit_publicity	1	1	1
exploit_url	https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2Dhcpd.md	https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2Dhcpd.md	https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2Dhcpd.md
countermeasure_name	Firewall	Firewall	Firewall
source_cve	CVE-2024-13105	CVE-2024-13105	CVE-2024-13105
cna_responsible	VulDB	VulDB	VulDB
cna_eol	1	1	1
software_type	Router Operating System	Router Operating System	Router Operating System
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	N	N	N
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss2_vuldb_rl	W	W	W
cvss4_vuldb_av	N	N	N
cvss4_vuldb_ac	L	L	L
cvss4_vuldb_pr	N	N	N
cvss4_vuldb_ui	N	N	N
cvss4_vuldb_vc	N	N	N
cvss4_vuldb_vi	L	L	L
cvss4_vuldb_va	N	N	N
cvss4_vuldb_e	P	P	P
cvss4_vuldb_at	N	N	N
cvss4_vuldb_sc	N	N	N
cvss4_vuldb_si	N	N	N
cvss4_vuldb_sa	N	N	N
cvss2_vuldb_basescore	5.0	5.0	5.0
cvss2_vuldb_tempscore	4.1	4.1	4.1
cvss3_vuldb_basescore	5.3	5.3	5.3
cvss3_vuldb_tempscore	4.7	4.7	4.7
cvss3_meta_basescore	5.3	5.3	5.3
cvss3_meta_tempscore	4.7	5.0	5.0
cvss4_vuldb_bscore	6.9	6.9	6.9
cvss4_vuldb_btscore	5.5	5.5	5.5
advisory_date	1735686000 (01/01/2025)	1735686000 (01/01/2025)	1735686000 (01/01/2025)
price_0day	$5k-$25k	$5k-$25k	$5k-$25k
cve_nvd_summary		A vulnerability has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/form2Dhcpd.cgi of the component DHCPD Setting Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.	A vulnerability has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/form2Dhcpd.cgi of the component DHCPD Setting Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
cvss4_cna_av		N	N
cvss4_cna_ac		L	L
cvss4_cna_at		N	N
cvss4_cna_pr		N	N
cvss4_cna_ui		N	N
cvss4_cna_vc		N	N
cvss4_cna_vi		L	L
cvss4_cna_va		N	N
cvss4_cna_sc		N	N
cvss4_cna_si		N	N
cvss4_cna_sa		N	N
cvss4_cna_bscore		6.9	6.9
cvss3_cna_av		N	N
cvss3_cna_ac		L	L
cvss3_cna_pr		N	N
cvss3_cna_ui		N	N
cvss3_cna_s		U	U
cvss3_cna_c		N	N
cvss3_cna_i		L	L
cvss3_cna_a		N	N
cvss3_cna_basescore		5.3	5.3
cvss2_cna_av		N	N
cvss2_cna_ac		L	L
cvss2_cna_au		N	N
cvss2_cna_ci		N	N
cvss2_cna_ii		P	P
cvss2_cna_ai		N	N
cvss2_cna_basescore		5	5
cve_nvd_summaryes			Se ha encontrado una vulnerabilidad en D-Link DIR-816 A2 1.10CNB05_R1B011D88210 y se ha clasificado como crítica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /goform/form2Dhcpd.cgi del componente DHCPD Setting Handler. La manipulación conduce a controles de acceso inadecuados. El ataque puede ejecutarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse.

◂ Gurɗo Gumti Gada ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!