CVE-2024-57045
Published: 18 February 2025
Summary
CVE-2024-57045 is a critical-severity Improper Authentication (CWE-287) vulnerability in Dlink Dir-859 A3 Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 1.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the authentication bypass vulnerability by requiring timely identification, reporting, and correction of the flaw through vendor firmware updates.
Enforces approved authorizations in the router's web interface to block unauthorized POST requests to /getcfg.php that retrieve credentials.
Explicitly authorizes and limits sensitive actions like credential retrieval without identification or authentication, preventing exposure via unauthenticated endpoints.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The authentication bypass vulnerability in the D-Link DIR-859 router's web interface (public-facing application) enables initial access via exploitation (T1190) and allows forging requests to /getcfg.php for network device configuration dump to obtain credentials (T1602.002).
NVD Description
A vulnerability in the D-Link DIR-859 router with firmware version A3 1.05 and earlier permits unauthorized individuals to bypass the authentication. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page.
Deeper analysisAI
CVE-2024-57045 is an authentication bypass vulnerability (CWE-287) in the D-Link DIR-859 router running firmware version A3 1.05 and earlier. The issue allows unauthorized individuals to circumvent authentication mechanisms by forging a POST request to the /getcfg.php page, enabling them to retrieve the username and password.
The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), making it remotely exploitable over the network with low attack complexity and no user interaction or privileges required. Attackers who reach the affected router can obtain administrative credentials, potentially leading to full compromise of the device with high impacts on confidentiality, integrity, and availability.
Mitigation guidance is available in vendor advisories, including the D-Link security bulletin at https://www.dlink.com/en/security-bulletin/ and a detailed disclosure on GitHub at https://github.com/Shuanunio/CVE_Requests/blob/main/D-Link/DIR-859/ACL%20bypass%20Vulnerability%20in%20D-Link%20DIR-859.md. The vulnerability was published on 2025-02-18.
Details
- CWE(s)