Details of VAR-202501-0005

ID

VAR-202501-0005

CVE

CVE-2024-13102

TITLE

D-Link Systems, Inc. of DIR-816 Firmware vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2025-004330

DESCRIPTION

A vulnerability classified as critical was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. This vulnerability affects unknown code of the file /goform/DDNS of the component DDNS Service. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of DIR-816 There are unspecified vulnerabilities in the firmware.Information may be tampered with. D-Link DIR-816 A2 is a wireless router from Taiwan's D-Link. Attackers can exploit this vulnerability to access and operate the DDNS service of the affected router, tamper with the DDNS settings, and obtain sensitive information

Trust: 2.16

sources: NVD: CVE-2024-13102 // JVNDB: JVNDB-2025-004330 // CNVD: CNVD-2025-11545

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-11545

AFFECTED PRODUCTS

vendor:	dlink	model:	dir-816	scope:	eq	version:	1.10cnb05_r1b011d88210	Trust: 1.0
vendor:	d link	model:	dir-816	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dir-816	scope:	eq	version:	-	Trust: 0.8
vendor:	d link	model:	dir-816	scope:	eq	version:	dir-816 firmware 1.10cnb05 r1b011d88210	Trust: 0.8
vendor:	d link	model:	dir-816 a2 1.10cnb05 r1b011d88210	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-11545 // JVNDB: JVNDB-2025-004330 // NVD: CVE-2024-13102

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2024-13102
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2024-13102
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2025-004330
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2025-11545
value:	MEDIUM
Trust: 0.6

cna@vuldb.com:	CVE-2024-13102
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-004330
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-11545
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2024-13102
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 2.0
NVD:	JVNDB-2025-004330
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-11545 // JVNDB: JVNDB-2025-004330 // NVD: CVE-2024-13102 // NVD: CVE-2024-13102

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-266	Trust: 1.0
problemtype:	CWE-284	Trust: 1.0
problemtype:	Improper permission settings (CWE-266) [ others ]	Trust: 0.8
problemtype:	Inappropriate access control (CWE-284) [ others ]	Trust: 0.8
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-004330 // NVD: CVE-2024-13102

EXTERNAL IDS

db:	NVD	id:	CVE-2024-13102	Trust: 3.2
db:	VULDB	id:	289918	Trust: 1.8
db:	JVNDB	id:	JVNDB-2025-004330	Trust: 0.8
db:	CNVD	id:	CNVD-2025-11545	Trust: 0.6

sources: CNVD: CNVD-2025-11545 // JVNDB: JVNDB-2025-004330 // NVD: CVE-2024-13102

REFERENCES

url:	https://vuldb.com/?id.289918	Trust: 1.8
url:	https://vuldb.com/?submit.472074	Trust: 1.8
url:	https://www.dlink.com/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-13102	Trust: 1.4
url:	https://vuldb.com/?ctiid.289918	Trust: 1.0
url:	https://github.com/abcdefg-png/iot-vulnerable/blob/main/unauthorized_vulnerability/d-link/dir-816/ddns.md	Trust: 1.0

sources: CNVD: CNVD-2025-11545 // JVNDB: JVNDB-2025-004330 // NVD: CVE-2024-13102

SOURCES

db:	CNVD	id:	CNVD-2025-11545
db:	JVNDB	id:	JVNDB-2025-004330
db:	NVD	id:	CVE-2024-13102

LAST UPDATE DATE

2025-06-08T19:33:41.137000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-11545	date:	2025-06-06T00:00:00
db:	JVNDB	id:	JVNDB-2025-004330	date:	2025-05-07T00:38:00
db:	NVD	id:	CVE-2024-13102	date:	2025-05-02T17:56:25.510

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-11545	date:	2025-06-05T00:00:00
db:	JVNDB	id:	JVNDB-2025-004330	date:	2025-05-07T00:00:00
db:	NVD	id:	CVE-2024-13102	date:	2025-01-02T10:15:06.427