D-Link Web Management Interface Vulnerability Let Attackers Gain Device Access

A critical vulnerability (CVE-2024-13030) has been identified in the web management interface of the D-Link DIR-823G router with firmware version 1.0.2B05_20181207.

The vulnerability allows attackers to exploit improper access control within the affected device, potentially leading to unauthorized access and system compromise.

Overview of the Vulnerability

The root cause of the vulnerability is the improper implementation of access control for various functions under the /HNAP1/ endpoint.

Specific operations within the web management interface—such as SetAutoRebootSettings, SetClientInfo, SetDMZSettings, SetFirewallSettings, SetParentsControlInfo, SetQoSSettings, and SetVirtualServerSettings—are susceptible to manipulation.

Attackers exploiting this vulnerability can remotely gain unauthorized access, modify settings, or take control of the router without requiring prior authentication. This could lead to broader network compromise, especially for routers connected to sensitive environments.
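
A defender-side triage sketch for the operations listed above, added here as an example (not code from the article or from D-Link): it flags POST requests to /HNAP1/ whose SOAPAction names one of the affected operations and whose source lies outside an assumed management subnet. The JSON-lines record format, its field names, the MGMT_NET value and the sample records are constructed assumptions; the sample SOAPAction values use the conventional HNAP namespace.

```python
import ipaddress
import json

# State-changing HNAP operations the article lists as affected.
AFFECTED_ACTIONS = {
    "SetAutoRebootSettings", "SetClientInfo", "SetDMZSettings",
    "SetFirewallSettings", "SetParentsControlInfo", "SetQoSSettings",
    "SetVirtualServerSettings",
}
# Assumption: only hosts in this subnet legitimately administer the router.
MGMT_NET = ipaddress.ip_network("192.168.0.0/28")

# Constructed sample records; the JSON-lines field names are hypothetical.
SAMPLE_LOG = r'''
{"src": "192.168.0.5", "method": "POST", "path": "/HNAP1/", "soap_action": "http://purenetworks.com/HNAP1/SetQoSSettings"}
{"src": "203.0.113.40", "method": "POST", "path": "/HNAP1/", "soap_action": "http://purenetworks.com/HNAP1/SetDMZSettings"}
{"src": "192.168.0.77", "method": "POST", "path": "/hnap1/", "soap_action": "\"http://purenetworks.com/HNAP1/SetVirtualServerSettings\""}
{"src": "203.0.113.40", "method": "POST", "path": "/HNAP1/", "soap_action": "http://purenetworks.com/HNAP1/GetDeviceSettings"}
{"src": "198.51.100.9", "method": "GET", "path": "/HNAP1/", "soap_action": ""}
'''.strip()

def action_name(soap_action):
    """Operation name from a SOAPAction value, quoted or not."""
    return soap_action.strip().strip('"').rstrip("/").rsplit("/", 1)[-1]

def find_suspicious(log_text, mgmt_net=MGMT_NET):
    """Return (line, source, action) for affected calls from outside mgmt_net."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        try:
            rec = json.loads(line)
            src = ipaddress.ip_address(rec["src"])
        except (ValueError, KeyError, TypeError):
            continue  # skip malformed records instead of aborting the scan
        # Compare path and method case-insensitively so variants are not missed.
        path = str(rec.get("path", "")).split("?", 1)[0].rstrip("/").upper()
        if str(rec.get("method", "")).upper() != "POST" or path != "/HNAP1":
            continue
        action = action_name(str(rec.get("soap_action", "")))
        if action in AFFECTED_ACTIONS and src not in mgmt_net:
            findings.append((lineno, str(src), action))
    return findings

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit)
```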

The vulnerability has been scored using multiple…
