CVE-2024-13030

30.12.2024, 01:15

A vulnerability was found in D-Link DIR-823G 1.0.2B05_20181207. It has been rated as critical. This issue affects the function SetAutoRebootSettings/SetClientInfo/SetDMZSettings/SetFirewallSettings/SetParentsControlInfo/SetQoSSettings/SetVirtualServerSettings of the file /HNAP1/ of the component Web Management Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.3 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
VulDB	CNA	7.3 HIGH				CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 64%

Vendor	Product	Version
dlink	dir-823g_firmware	1.0.2b05_20181207:b05_20181207

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-266 - Incorrect Privilege Assignment
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

References

https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-823G/SetAutoRebootSettings.md

https://vuldb.com/?ctiid.289763

https://vuldb.com/?id.289763

https://vuldb.com/?submit.467903

https://www.dlink.com.cn/about/article/news?id=2247

https://www.dlink.com/