Details of VAR-202501-0010

ID

VAR-202501-0010

CVE

CVE-2024-13107

TITLE

D-Link Systems, Inc. of DIR-816 Firmware vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2025-004374

DESCRIPTION

A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. It has been classified as critical. This affects an unknown part of the file /goform/form2LocalAclEditcfg.cgi of the component ACL Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of DIR-816 There are unspecified vulnerabilities in the firmware.Information may be tampered with. D-Link DIR-816 A2 is a wireless router from D-Link of China. Attackers can exploit this vulnerability to set the local access control list of the device

Trust: 2.16

sources: NVD: CVE-2024-13107 // JVNDB: JVNDB-2025-004374 // CNVD: CNVD-2025-02162

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-02162

AFFECTED PRODUCTS

vendor:	dlink	model:	dir-816	scope:	eq	version:	1.10cnb05_r1b011d88210	Trust: 1.0
vendor:	d link	model:	dir-816	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dir-816	scope:	eq	version:	-	Trust: 0.8
vendor:	d link	model:	dir-816	scope:	eq	version:	dir-816 firmware 1.10cnb05 r1b011d88210	Trust: 0.8
vendor:	d link	model:	dir-816 a2 1.10cnb05 r1b011d88210	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-02162 // JVNDB: JVNDB-2025-004374 // NVD: CVE-2024-13107

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2024-13107
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2024-13107
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2025-004374
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2025-02162
value:	MEDIUM
Trust: 0.6

cna@vuldb.com:	CVE-2024-13107
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-004374
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-02162
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2024-13107
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 2.0
NVD:	JVNDB-2025-004374
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-02162 // JVNDB: JVNDB-2025-004374 // NVD: CVE-2024-13107 // NVD: CVE-2024-13107

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-266	Trust: 1.0
problemtype:	CWE-284	Trust: 1.0
problemtype:	Improper permission settings (CWE-266) [ others ]	Trust: 0.8
problemtype:	Inappropriate access control (CWE-284) [ others ]	Trust: 0.8
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-004374 // NVD: CVE-2024-13107

EXTERNAL IDS

db:	NVD	id:	CVE-2024-13107	Trust: 3.2
db:	VULDB	id:	289923	Trust: 1.8
db:	JVNDB	id:	JVNDB-2025-004374	Trust: 0.8
db:	CNVD	id:	CNVD-2025-02162	Trust: 0.6

sources: CNVD: CNVD-2025-02162 // JVNDB: JVNDB-2025-004374 // NVD: CVE-2024-13107

REFERENCES

url:	https://vuldb.com/?id.289923	Trust: 1.8
url:	https://vuldb.com/?submit.472087	Trust: 1.8
url:	https://www.dlink.com/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-13107	Trust: 1.4
url:	https://github.com/abcdefg-png/iot-vulnerable/blob/main/unauthorized_vulnerability/d-link/dir-816/form2localacleditcfg.md	Trust: 1.0
url:	https://vuldb.com/?ctiid.289923	Trust: 1.0

sources: CNVD: CNVD-2025-02162 // JVNDB: JVNDB-2025-004374 // NVD: CVE-2024-13107

SOURCES

db:	CNVD	id:	CNVD-2025-02162
db:	JVNDB	id:	JVNDB-2025-004374
db:	NVD	id:	CVE-2024-13107

LAST UPDATE DATE

2025-05-09T03:07:31.201000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-02162	date:	2025-01-22T00:00:00
db:	JVNDB	id:	JVNDB-2025-004374	date:	2025-05-07T06:49:00
db:	NVD	id:	CVE-2024-13107	date:	2025-05-02T17:56:16.377

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-02162	date:	2025-01-17T00:00:00
db:	JVNDB	id:	JVNDB-2025-004374	date:	2025-05-07T00:00:00
db:	NVD	id:	CVE-2024-13107	date:	2025-01-02T12:15:17.147