Cyber Posture

CVE-2024-57684

Severity: Critical

Published: 16 January 2025
Modified: 02 May 2025
KEV Added: not listed
Patch: none recorded
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0403 (88.5th percentile)
Risk Priority: 22 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-57684 is a critical-severity vulnerability in D-Link DIR-816 firmware (the NVD entry names build 1.10CNB05_R1B011D88210 of the DIR-816A2), classified as Incorrect Default Permissions (CWE-276): the formDMZ.cgi handler accepts DMZ configuration changes without any authentication. Its CVSS v3.1 base score is 9.8 (Critical).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). Its EPSS score places it in the top 11.5% of CVEs by estimated exploit likelihood, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement). These controls describe what the firmware should enforce; they limit exposure but do not remove the flaw, and a vendor firmware fix, where available, is the only complete remediation.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

AC-3 Access Enforcement (prevent)
Enforces approved authorizations for access to system resources such as the formDMZ.cgi endpoint, so that an unauthenticated request cannot change the DMZ configuration.

AC-6 Least Privilege (prevent)
Restricts DMZ configuration changes to authorized administrators or processes, so that a session with lesser rights, or no session at all, cannot exploit the endpoint.

AC-14 Permitted Actions Without Identification or Authentication (prevent)
Limits the actions the device permits without identification or authentication to non-sensitive functions, ensuring that DMZ service configuration always requires an authenticated session.

On an affected build these controls cannot be retrofitted by the operator; until fixed firmware is applied, the practical compensating control is to keep the management interface unreachable from the WAN and from untrusted LAN segments.
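The three controls above describe the same thing from different angles: a deny-by-default dispatcher in front of the form handlers. The following is an added example written for this page, not D-Link code; it models a CGI dispatcher in Python that enforces AC-14 (an explicit allow-list of unauthenticated actions) and AC-3/AC-6 (everything else requires a valid administrator session), beside the unchecked dispatch shape that the NVD description attributes to formDMZ.cgi. Everything except the endpoint name formDMZ.cgi (the parameter names dmz_enable and dmz_host, the login.cgi and status.cgi endpoints, the LAN subnet) is an assumption made for the illustration.

```python
"""Added example, not D-Link code: a CGI dispatcher that enforces NIST 800-53
AC-14 and AC-3/AC-6 semantics in front of form handlers. Endpoint and
parameter names other than formDMZ.cgi are assumptions for the illustration."""
from __future__ import annotations

import hmac
import ipaddress
import secrets
from urllib.parse import parse_qs

# AC-14: the only actions permitted without identification or authentication.
# Everything else is denied unless a valid session is presented (AC-3).
# "login.cgi" and "status.cgi" are assumed names.
UNAUTHENTICATED_OK = frozenset({"login.cgi", "status.cgi"})

LAN_NET = ipaddress.ip_network("192.168.0.0/24")  # assumed LAN subnet

_sessions: dict[str, str] = {}  # session token -> user name


def issue_session(user: str) -> str:
    """Create an unguessable session token for an already-authenticated user."""
    token = secrets.token_hex(16)
    _sessions[token] = user
    return token


def session_user(cookies: dict[str, str]) -> str | None:
    """Return the user behind the presented session cookie, or None.

    Constant-time comparison against every live token avoids leaking how much
    of a guessed token matched."""
    presented = cookies.get("session", "")
    if not presented.isascii():
        return None
    for token, user in _sessions.items():
        if hmac.compare_digest(token, presented):
            return user
    return None


def form_dmz(body: str, config: dict) -> tuple[int, str]:
    """Hypothetical DMZ handler: validates its input only. Authentication is
    not its job; the dispatcher decides whether the caller may reach it."""
    params = parse_qs(body, keep_blank_values=True)
    enable = params.get("dmz_enable", ["0"])[0]  # parameter name assumed
    if enable not in ("0", "1"):
        return 400, "dmz_enable must be 0 or 1"
    if enable == "0":
        config["dmz_host"] = None
        return 200, "DMZ disabled"
    try:
        host = ipaddress.ip_address(params.get("dmz_host", [""])[0])  # assumed
    except ValueError:
        return 400, "dmz_host is not an IP address"
    if host not in LAN_NET:
        return 400, "dmz_host must be a LAN address"
    config["dmz_host"] = str(host)
    return 200, f"DMZ host set to {host}"


HANDLERS = {"formDMZ.cgi": form_dmz}


def dispatch_unchecked(path: str, method: str, cookies: dict[str, str],
                       body: str, config: dict) -> tuple[int, str]:
    """The vulnerable shape: the handler runs regardless of session state,
    which is the behaviour the NVD description attributes to formDMZ.cgi."""
    handler = HANDLERS.get(path.rsplit("/", 1)[-1])
    if handler is None:
        return 404, "not found"
    return handler(body, config)


def dispatch(path: str, method: str, cookies: dict[str, str],
             body: str, config: dict) -> tuple[int, str]:
    """Hardened shape: deny by default, allow-list unauthenticated actions
    (AC-14), and only then route to the handler (AC-3)."""
    name = path.rsplit("/", 1)[-1]
    if name not in UNAUTHENTICATED_OK and session_user(cookies) is None:
        return 401, "authentication required"
    handler = HANDLERS.get(name)
    if handler is None:
        return 404, "not found"
    if method != "POST":
        return 405, "method not allowed"
    return handler(body, config)


if __name__ == "__main__":
    body = "dmz_enable=1&dmz_host=192.168.0.50"
    cfg = {"dmz_host": None}
    print("unchecked:", dispatch_unchecked("/formDMZ.cgi", "POST", {}, body, cfg), cfg)
    cfg = {"dmz_host": None}
    print("hardened, no session:", dispatch("/formDMZ.cgi", "POST", {}, body, cfg), cfg)
    admin = {"session": issue_session("admin")}
    print("hardened, admin:", dispatch("/formDMZ.cgi", "POST", admin, body, cfg), cfg)
```

The point of the structure is that the authentication decision lives in one place, before any handler is named; a handler added later cannot forget the check, because the dispatcher denies by default and the only way to make an endpoint reachable without a session is to list it explicitly.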

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability allows direct, unauthenticated remote exploitation of the public-facing web management interface (formDMZ.cgi) of a network device, which is the defining pattern of T1190.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

An access control issue in the component formDMZ.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the DMZ service of the device via a crafted POST request.

Deeper analysis

CVE-2024-57684 is an access control vulnerability (CWE-276) affecting the formDMZ.cgi component in D-Link DIR-816A2 firmware version 1.10CNB05_R1B011D88210. Published on January 16, 2025, it enables unauthenticated attackers to configure the device's DMZ service by sending a crafted POST request. The issue carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), classifying it as critical due to its potential for severe impacts across confidentiality, integrity, and availability.

Remote, unauthenticated attackers can exploit this vulnerability over the network with low attack complexity and no user interaction. By targeting the formDMZ.cgi endpoint, they can arbitrarily set the DMZ service configuration. On a consumer router the DMZ host receives all unsolicited inbound WAN traffic that no port-forwarding rule claims, so pointing the DMZ at an internal host exposes that host directly to the Internet; this is what lifts the impact to full confidentiality, integrity and availability loss for the network behind the device, not just the router itself.
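Because the endpoint is reached by a plain HTTP POST, exploitation attempts against the T1190 pattern described above (and in the ATT&CK section) are visible in ordinary access logs. The following detector is an added example written for this page, not code from the vendor or from the disclosure: it parses combined-log-format lines, flags POSTs to formDMZ.cgi, and rates them by whether the source lies outside the device's LAN. The log lines, the LAN subnet, and the second endpoint name formSetWanDhcp.cgi are constructed for the illustration; only formDMZ.cgi comes from the NVD description.

```python
"""Added example, not from the page or the vendor: a detector for
CVE-2024-57684 exploitation attempts over access logs in combined log format.
The sample log, the LAN subnet and the formSetWanDhcp.cgi name are constructed."""
from __future__ import annotations

import ipaddress
import re

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: [^"]*)?" (?P<status>\d{3}) '
)

LAN_NET = ipaddress.ip_network("192.168.0.0/24")  # assumed LAN of the router
TARGET = "formDMZ.cgi"  # the endpoint named in the NVD description

# Constructed sample: one benign GET, a WAN-side POST to formDMZ.cgi (the CVE
# pattern), a LAN-side POST with a browser referer, a WAN-side POST to another
# form handler, an IPv6 attempt that got a 401, and one junk line.
SAMPLE_LOG = """\
192.168.0.23 - - [16/Jan/2025:10:01:12 +0000] "GET /index.htm HTTP/1.1" 200 4821 "-" "Mozilla/5.0"
203.0.113.7 - - [16/Jan/2025:10:02:03 +0000] "POST /formDMZ.cgi HTTP/1.1" 200 312 "-" "python-requests/2.31"
192.168.0.23 - - [16/Jan/2025:10:03:44 +0000] "POST /formDMZ.cgi HTTP/1.1" 200 312 "http://192.168.0.1/dmz.htm" "Mozilla/5.0"
203.0.113.7 - - [16/Jan/2025:10:04:10 +0000] "POST /formSetWanDhcp.cgi HTTP/1.1" 200 290 "-" "curl/8.5.0"
2001:db8::9 - - [16/Jan/2025:10:05:00 +0000] "POST /formDMZ.cgi?x=1 HTTP/1.1" 401 0 "-" "curl/8.5.0"
this line is not a log record
"""


def parse_line(line: str) -> dict | None:
    """Return the fields of one combined-log-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(rec: dict) -> dict | None:
    """Return a finding for a POST to a form*.cgi handler, or None if benign."""
    name = rec["path"].split("?", 1)[0].rsplit("/", 1)[-1]
    if rec["method"] != "POST" or not (name.startswith("form") and name.endswith(".cgi")):
        return None
    try:
        src = ipaddress.ip_address(rec["src"])
    except ValueError:
        return None
    wan = src not in LAN_NET  # an IPv6 source is never inside an IPv4 LAN
    if name == TARGET:
        severity = "high" if wan else "medium"
        reason = ("CVE-2024-57684: POST to formDMZ.cgi from outside the LAN" if wan
                  else "CVE-2024-57684: POST to formDMZ.cgi from the LAN; confirm the client was logged in")
    elif wan:
        severity = "low"
        reason = f"POST to {name} from outside the LAN: management interface is WAN-exposed"
    else:
        return None
    return {"src": str(src), "endpoint": name, "status": int(rec["status"]),
            "severity": severity, "reason": reason}


def scan(log_text: str) -> tuple[list[dict], int]:
    """Scan a whole log; return (findings, number of unparsable lines)."""
    findings, unparsed = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed += 1  # never silently drop a line you could not read
            continue
        finding = classify(rec)
        if finding is not None:
            findings.append(finding)
    return findings, unparsed


if __name__ == "__main__":
    found, bad = scan(SAMPLE_LOG)
    for f in found:
        print(f"[{f['severity']:6}] {f['src']:>14} {f['endpoint']} status={f['status']}  {f['reason']}")
    print(f"{bad} unparsable line(s)")
```

Combined log format does not record whether a request carried a valid session, so a LAN-side hit is only medium until it is correlated with a login; a response status of 200 to the WAN-side POST is the strongest single indicator that the endpoint accepted the change.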

Advisories and mitigation guidance are available via the vendor's security bulletin page at https://www.dlink.com/en/security-bulletin/ and a detailed disclosure including a proof of concept at https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/formDMZ.md. Security practitioners should consult these resources for patching instructions or workarounds specific to affected D-Link DIR-816A2 devices; this page does not record a patch.

Details

CWE(s)

CWE-276 Incorrect Default Permissions

Affected Products

Vendor: dlink
Product: dir-816 firmware
Version: 1.10cnb05_r1b011d88210

CVEs Like This One

CVE-2026-4184 (same product: D-Link DIR-816)
CVE-2026-4181 (same product: D-Link DIR-816)
CVE-2026-4182 (same product: D-Link DIR-816)
CVE-2026-4183 (same product: D-Link DIR-816)
CVE-2026-4180 (same product: D-Link DIR-816)
CVE-2025-60679 (same product: D-Link DIR-816)
CVE-2025-70219 (same vendor: D-Link)
CVE-2025-7910 (same vendor: D-Link)
CVE-2025-7194 (same vendor: D-Link)
CVE-2025-8159 (same vendor: D-Link)

References

D-Link security bulletins: https://www.dlink.com/en/security-bulletin/
Disclosure and proof of concept: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/formDMZ.md