CVE-2024-13103

A vulnerability, which was classified as critical, has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. This issue affects some unknown processing of the file /goform/form2AddVrtsrv.cgi of the component Virtual Service Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dlink:dir-816_firmware:1.10cnb05_r1b011d88210:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-816:a2:*:*:*:*:*:*:*

History

02 May 2025, 17:56

Type Values Removed Values Added
First Time Dlink
Dlink dir-816
Dlink dir-816 Firmware
CWE NVD-CWE-noinfo
References () https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2AddVrtsrv.md - () https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2AddVrtsrv.md - Broken Link
References () https://vuldb.com/?ctiid.289919 - () https://vuldb.com/?ctiid.289919 - Permissions Required
References () https://vuldb.com/?id.289919 - () https://vuldb.com/?id.289919 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.472075 - () https://vuldb.com/?submit.472075 - Third Party Advisory, VDB Entry
References () https://www.dlink.com/ - () https://www.dlink.com/ - Product
CPE cpe:2.3:o:dlink:dir-816_firmware:1.10cnb05_r1b011d88210:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-816:a2:*:*:*:*:*:*:*

02 Jan 2025, 18:15

Type Values Removed Values Added
References () https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2AddVrtsrv.md - () https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2AddVrtsrv.md -
Summary
  • (es) Se ha encontrado una vulnerabilidad clasificada como crítica en D-Link DIR-816 A2 1.10CNB05_R1B011D88210. Este problema afecta a algunos procesos desconocidos del archivo /goform/form2AddVrtsrv.cgi del componente Virtual Service Handler. La manipulación conduce a controles de acceso inadecuados. El ataque puede iniciarse de forma remota. El exploit se ha hecho público y puede utilizarse.

02 Jan 2025, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-01-02 10:15

Updated : 2025-05-02 17:56


NVD link : CVE-2024-13103

Mitre link : CVE-2024-13103

CVE.ORG link : CVE-2024-13103


JSON object : View

Products Affected

dlink

  • dir-816
  • dir-816_firmware
CWE
CWE-266

Incorrect Privilege Assignment

CWE-284

Improper Access Control

NVD-CWE-noinfo