CVE-2024-13030

HIGH EXPLOITED

D-Link DIR-823G 1.0.2B05_20181207 - Improper Access Controls

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2024-13030 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

A vulnerability was found in D-Link DIR-823G 1.0.2B05_20181207. It has been rated as critical. This issue affects the function SetAutoRebootSettings/SetClientInfo/SetDMZSettings/SetFirewallSettings/SetParentsControlInfo/SetQoSSettings/SetVirtualServerSettings of the file /HNAP1/ of the component Web Management Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry technical-description
https://vuldb.com/?id.289763
Permissions Required, VDB Entry signature permissions-required
https://vuldb.com/?ctiid.289763
Third Party Advisory, VDB Entry third-party-advisory
https://vuldb.com/?submit.467903
Product product
https://www.dlink.com/

Scores

CVSS v3 7.3
EPSS 0.0189
EPSS Percentile 77.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

VulnCheck KEV 2026-03-12
CWE
CWE-266 CWE-284
Status published
Products (1)
dlink/dir-823g_firmware 1.0.2b05_20181207
Published Dec 30, 2024
Tracked Since Feb 18, 2026