CVE-2024-13030
HIGH EXPLOITEDD-Link DIR-823G 1.0.2B05_20181207 - Improper Access Controls
Title source: llmExploitation Summary
CVE-2024-13030 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
A vulnerability was found in D-Link DIR-823G 1.0.2B05_20181207. It has been rated as critical. This issue affects the function SetAutoRebootSettings/SetClientInfo/SetDMZSettings/SetFirewallSettings/SetParentsControlInfo/SetQoSSettings/SetVirtualServerSettings of the file /HNAP1/ of the component Web Management Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
technical-description
https://vuldb.com/?id.289763
Permissions Required, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.289763
Third Party Advisory, VDB Entry third-party-advisory
https://vuldb.com/?submit.467903
Broken Link exploit
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-823G/SetAutoRebootSettings.md
Product broken-link
https://www.dlink.com.cn/about/article/news?id=2247
Product product
https://www.dlink.com/
Scores
CVSS v3
7.3
EPSS
0.0040
EPSS Percentile
61.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
VulnCheck KEV
2026-03-12
CWE
CWE-284
CWE-266
Status
published
Products (1)
dlink/dir-823g_firmware
1.0.2b05_20181207
Published
Dec 30, 2024
Tracked Since
Feb 18, 2026