Cyber Resilience

CVE-2024-57684

Critical

Published: 16 January 2025
Modified: 02 May 2025
KEV Added: not listed
Patch
CVSS Score (v3.1): 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0403 (88.7th percentile)
Risk Priority: 22 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-57684 is a critical-severity Incorrect Default Permissions (CWE-276) vulnerability in D-Link DIR-816 firmware. Its CVSS v3.1 base score is 9.8 (Critical).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE's EPSS score places it in the top 11.3% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Deeper analysis

An access control vulnerability exists in the formDMZ.cgi component of D-Link DIR-816 firmware version 816A2_FWv1.10CNB05_R1B011D88210. The flaw, tracked as CVE-2024-57684 and classified as CWE-276 (Incorrect Default Permissions), lets unauthenticated remote attackers configure the device's DMZ service through a specially crafted POST request; it carries a CVSS v3.1 base score of 9.8.

Because the handler performs no authentication check, any attacker who can reach the web management interface (from the LAN, or from the WAN where remote management is exposed) can exploit it over the network with no credentials and no user interaction. Pointing the DMZ at an internal address forwards all unsolicited inbound WAN traffic to that host, bypassing the router's NAT and firewall protection for it. The CVSS vector records full impact on confidentiality, integrity, and availability of the affected router.

D-Link's security bulletin page provides the vendor advisory reference, and a public technical description including a proof-of-concept request is available on GitHub. The EPSS score remains low in absolute terms, peaking at 0.0518 before receding to 0.0403, although that still places the CVE in the 88.7th percentile.


Vulnerability details

An access control issue in the component formDMZ.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the DMZ service of the device via a crafted POST request.

CWE(s): CWE-276 Incorrect Default Permissions

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Direct unauthenticated remote exploitation of the public-facing web management interface (formDMZ.cgi) on a network device.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1
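As an added illustration of how the T1190 pattern above would surface in telemetry (example code written for this page, not from the advisory, from D-Link, or from the PoC on GitHub), the following Python script scans HTTP access-log lines for requests to formDMZ.cgi that arrive without a session cookie or from a non-RFC1918 source address. The log line layout, the /goform/ path prefix and the SessionID cookie name are assumptions; only the endpoint name formDMZ.cgi comes from the advisory, and the sample lines are constructed.

```python
"""Detection example: flag suspicious requests to formDMZ.cgi in access logs.

Added for this page; not code from the advisory, from D-Link, or from the
public PoC. ASSUMPTIONS: the log line layout, the /goform/ path prefix and
the SessionID cookie name are hypothetical. Only "formDMZ.cgi" is from the
advisory.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Tuple

# Hypothetical log layout:
#   ip ident user [ts] "METHOD PATH PROTO" status bytes "Cookie header or -"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \d+ "(?P<cookie>[^"]*)"$'
)
TARGET = "formDMZ.cgi"        # endpoint named in the advisory
SESSION_COOKIE = "SessionID"  # assumed cookie name; adjust to the device's real one

# RFC1918 plus loopback: where legitimate LAN-side administration comes from.
LAN_RANGES = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


@dataclass
class Finding:
    ts: str
    ip: str
    reasons: Tuple[str, ...]


def is_lan_source(ip: str) -> bool:
    """True if the client address is in an RFC1918 or loopback range."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in LAN_RANGES)


def analyse(lines) -> List[Finding]:
    """Return one Finding per request to formDMZ.cgi that looks like T1190.

    A POST from the LAN carrying a session cookie is normal admin activity
    and is not reported; anything unauthenticated or WAN-sourced is.
    """
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or TARGET not in m["path"]:
            continue
        reasons = []
        authenticated = f"{SESSION_COOKIE}=" in m["cookie"]
        if not authenticated:
            reasons.append("no session cookie: unauthenticated request")
        if not is_lan_source(m["ip"]):
            reasons.append("source outside RFC1918: WAN-exposed management interface")
        if not authenticated and m["method"] == "POST" and m["status"] == "200":
            reasons.append("HTTP 200 to unauthenticated POST: handler appears to have accepted it")
        if reasons:
            findings.append(Finding(m["ts"], m["ip"], tuple(reasons)))
    return findings


# Constructed sample lines, not real traffic.
SAMPLE_LOG = [
    '192.168.0.10 - - [16/Jan/2025:10:00:01 +0000] "GET /index.asp HTTP/1.1" 200 512 "SessionID=abc123"',
    '192.168.0.10 - - [16/Jan/2025:10:00:05 +0000] "POST /goform/formDMZ.cgi HTTP/1.1" 200 88 "SessionID=abc123"',
    '203.0.113.7 - - [16/Jan/2025:10:01:12 +0000] "POST /goform/formDMZ.cgi HTTP/1.1" 200 88 "-"',
]

if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"{f.ts} {f.ip}")
        for r in f.reasons:
            print(f"  - {r}")
```

Only the third constructed line is reported, with all three reasons. The HTTP 200 is recorded as a separate reason rather than as proof of compromise: it suggests the handler accepted the change, but the page does not document what a fixed build returns, so treat it as a hint to be confirmed against the device's DMZ settings.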

CVEs Like This One

CVE-2026-8346 (same product: Dlink Dir-816)
CVE-2026-4184 (same product: Dlink Dir-816)
CVE-2026-4182 (same product: Dlink Dir-816)
CVE-2026-4180 (same product: Dlink Dir-816)
CVE-2026-4181 (same product: Dlink Dir-816)
CVE-2026-4183 (same product: Dlink Dir-816)
CVE-2025-60679 (same product: Dlink Dir-816)
CVE-2026-8345 (same product: Dlink Dir-816)
CVE-2026-8344 (same product: Dlink Dir-816)
CVE-2025-2548 (same vendor: Dlink)

Affected Assets

Vendor: dlink
Product: dir-816 firmware
Version: 1.10cnb05_r1b011d88210

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

AC-3 Access Enforcement (prevent)

Enforces approved authorizations for access to system resources such as the formDMZ.cgi endpoint, preventing unauthenticated attackers from configuring DMZ services.

AC-6 Least Privilege (prevent)

Applies least privilege so that DMZ configuration changes are restricted to authorized users or processes, blocking unauthenticated exploitation.

AC-14 Permitted Actions Without Identification or Authentication (prevent)

Limits the actions permitted without identification or authentication to non-sensitive functions, ensuring that DMZ service configuration requires authentication.
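To make the three controls concrete, here is an added example (written for this page, not firmware code from D-Link) that contrasts a default-allow permission table, which is the CWE-276 shape of this bug, with a default-deny gate implementing AC-3, AC-6 and AC-14. The session store, the role names, the /goform/ prefix and every endpoint name other than formDMZ.cgi are hypothetical.

```python
"""Access-enforcement example: default-allow (CWE-276 shape) vs default-deny gate.

Added for this page; not D-Link firmware code. ASSUMPTIONS: the session
store, role names, the /goform/ prefix and every endpoint name except
formDMZ.cgi are hypothetical.
"""
import time
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class Request:
    method: str
    path: str
    session_token: Optional[str] = None


@dataclass
class Session:
    user: str
    role: str          # "admin" or "user"
    expires_at: float  # epoch seconds


# --- Vulnerable shape (CWE-276): only some handlers are listed, so a handler
# that was never added to the table (here formDMZ.cgi) inherits "anyone".
VULNERABLE_ACL: Dict[str, str] = {
    "/goform/formSetPassword": "admin",   # hypothetical endpoint
}


def vulnerable_authorize(req: Request, sessions: Dict[str, Session]) -> bool:
    required_role = VULNERABLE_ACL.get(req.path)
    if required_role is None:
        return True                       # default-allow: the defect
    sess = sessions.get(req.session_token or "")
    return sess is not None and sess.role == required_role


# --- Hardened shape. AC-14: the only actions permitted without a session are
# the login page and the login form. AC-3: everything else needs a live
# session. AC-6: configuration handlers additionally need the admin role.
UNAUTHENTICATED_OK = {("GET", "/login.htm"), ("POST", "/goform/formLogin")}  # hypothetical
CONFIG_PREFIXES = ("/goform/",)   # assumed location of all state-changing CGI handlers


def hardened_authorize(req: Request, sessions: Dict[str, Session],
                       now: Optional[float] = None) -> bool:
    now = time.time() if now is None else now
    if (req.method, req.path) in UNAUTHENTICATED_OK:
        return True
    sess = sessions.get(req.session_token or "")
    if sess is None or sess.expires_at <= now:
        return False                      # default-deny, expired sessions included
    if req.path.startswith(CONFIG_PREFIXES) and sess.role != "admin":
        return False
    return True


def demo() -> Dict[str, bool]:
    """Run both gates against the advisory's scenario: an anonymous POST to formDMZ.cgi."""
    sessions = {
        "tok-admin": Session("admin", "admin", expires_at=float("inf")),
        "tok-user": Session("guest", "user", expires_at=float("inf")),
        "tok-stale": Session("admin", "admin", expires_at=0.0),
    }
    dmz = "/goform/formDMZ.cgi"
    return {
        "vulnerable_anonymous": vulnerable_authorize(Request("POST", dmz), sessions),
        "hardened_anonymous": hardened_authorize(Request("POST", dmz), sessions),
        "hardened_admin": hardened_authorize(Request("POST", dmz, "tok-admin"), sessions),
        "hardened_user": hardened_authorize(Request("POST", dmz, "tok-user"), sessions),
        "hardened_stale": hardened_authorize(Request("POST", dmz, "tok-stale"), sessions, now=1.0),
        "hardened_login_page": hardened_authorize(Request("GET", "/login.htm"), sessions),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:22s} {'ALLOW' if allowed else 'DENY'}")
```

The vulnerable gate admits the anonymous POST because formDMZ.cgi simply is not in its table; the hardened gate refuses it, refuses a non-admin session and refuses an expired one, while still serving the login page without a session. The point of the AC-14 allowlist being a small explicit set is that a new handler added later is denied by default rather than exposed by omission.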

References