A critical vulnerability (CVE-2024-13030) has been identified in the web management interface of the D-Link DIR-823G router with firmware version 1.0.2B05_20181207.
The vulnerability allows attackers to exploit improper access control within the affected device, potentially leading to unauthorized access and system compromise.
Overview of the Vulnerability
The root cause of the vulnerability is the improper implementation of access control for various functions under the /HNAP1/ endpoint.
Specific operations within the web management interface—such as SetAutoRebootSettings, SetClientInfo, SetDMZSettings, SetFirewallSettings, SetParentsControlInfo, SetQoSSettings, and SetVirtualServerSettings—are susceptible to manipulation.
2024 MITRE ATT&CK Evaluation Results for SMEs & MSPs -> Download Free Guide
Attackers exploiting this vulnerability can remotely gain unauthorized access, modify settings, or take control of the router without requiring prior authentication. This could lead to broader network compromise, especially for routers connected to sensitive environments.
The vulnerability has been scored using multiple CVSS (Common Vulnerability Scoring System) versions:
- CVSS 4.0: 6.9 (Medium)
- CVSS 3.1 and 3.0: 7.3 (High)
- CVSS 2.0: 7.5
The key factors contributing to the high severity scores include:
- Remote exploitation: No physical access is required.
- No authentication: Attackers do not need valid credentials to exploit the flaw.
- Potential impact: Compromise of confidentiality, integrity, and availability.
Technical Details
The affected router functionality is linked to its Home Network Administration Protocol (HNAP1). Improper access controls (CWE-284) and incorrect privilege assignment (CWE-266) allow attackers to escalate privileges and execute unauthorized commands.
The vulnerability can be exploited by sending specially crafted requests to the router’s management interface.
The exploit for this vulnerability has already been disclosed publicly, increasing the risk of attacks targeting D-Link DIR-823G devices.
Organizations and individuals using the affected router firmware are at heightened risk, especially as these devices may serve critical networking functions.
No patch or update has been provided by D-Link to address this issue. Users should consider the following steps to mitigate risk:
- Restrict remote management access to trusted IP addresses or disable it entirely.
- Use strong, unique passwords for local device administration.
- Monitor network traffic for signs of unusual activity.
- Replace aging or unsupported devices with newer models that come with regular security updates.
The vulnerability was discovered and reported by security researcher wxhwxhwxh_mie, as cited in VulDB’s public disclosure.
Cybersecurity experts warn users of D-Link DIR-823G routers to act swiftly to secure their devices as exploitation risks increase.
Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free