CVE-2024-57684
Published: 16 January 2025
Summary
CVE-2024-57684 is a critical-severity Incorrect Default Permissions (CWE-276) vulnerability in Dlink Dir-816 Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 11.3% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).
Deeper analysis
An access control vulnerability exists in the formDMZ.cgi component of D-Link DIR-816 firmware version 816A2_FWv1.10CNB05_R1B011D88210. The flaw, tracked as CVE-2024-57684 and assigned CWE-276, permits unauthenticated remote attackers to configure the device's DMZ service through a specially crafted POST request, carrying a CVSS 3.1 score of 9.8.
Remote attackers with no credentials or user interaction can exploit the issue over the network to enable DMZ functionality, exposing internal hosts and achieving full impact on confidentiality, integrity, and availability of the affected router.
D-Link's security bulletin page provides the vendor advisory reference, while a public technical description including a proof-of-concept request is available on GitHub. The associated EPSS score remains low, with a modest peak of 0.0518 that has since receded to 0.0403.
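A defender-side check for the exposure described above, written for this page as an added example (it is not the advisory's, D-Link's or the PoC author's code): it scans constructed web-server access-log lines for POST requests to formDMZ.cgi and flags those arriving from outside private LAN ranges, which is the traffic an unauthenticated DMZ change would produce. The Common Log Format, the path /formDMZ.cgi and the LAN range list are assumptions.

```python
import ipaddress
import re

# Constructed sample access log (Common Log Format), not real traffic; the
# path "/formDMZ.cgi" is an assumed location for the component named above.
SAMPLE_LOG = """\
203.0.113.45 - - [16/Jan/2025:10:01:07 +0000] "POST /formDMZ.cgi HTTP/1.1" 200 88
192.168.0.23 - - [16/Jan/2025:10:02:11 +0000] "POST /formDMZ.cgi HTTP/1.1" 200 88
198.51.100.9 - - [16/Jan/2025:10:03:40 +0000] "GET /formDMZ.cgi HTTP/1.1" 200 88
198.51.100.9 - - [16/Jan/2025:10:03:41 +0000] "POST /formDMZ.cgi HTTP/1.1" 200 88
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Ranges a SOHO router's management plane should accept; anything else is WAN-side.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]

def is_external(ip: str) -> bool:
    """True unless the source is in LAN_NETS; unparseable values fail closed."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True
    return not any(addr in net for net in LAN_NETS)

def find_dmz_changes(log_text: str) -> list[dict]:
    """Return every POST to formDMZ.cgi with its source classified.
    DMZ configuration should only come from an authenticated LAN session,
    so a POST from a public address is the signal worth alerting on."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m is None:
            continue  # skip blank or non-CLF lines rather than crash
        if m["method"] != "POST" or "formdmz.cgi" not in m["path"].lower():
            continue  # reads of the page are noise; only the write matters
        findings.append({"ip": m["ip"], "ts": m["ts"],
                         "status": int(m["status"]),
                         "external": is_external(m["ip"])})
    return findings

def external_dmz_posts(log_text: str) -> list[str]:
    """Source IPs of DMZ-config POSTs arriving from outside LAN_NETS."""
    return [f["ip"] for f in find_dmz_changes(log_text) if f["external"]]
```

On a patched device the same check still applies: a successful POST to the endpoint from a WAN address means the management interface is reachable where it should not be.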
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-53710
Vulnerability details
An access control issue in the component formDMZ.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the DMZ service of the device via a crafted POST request.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Direct unauthenticated remote exploitation of the public-facing web management interface (formDMZ.cgi) on a network device.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): enforces approved authorizations for access to system resources such as the formDMZ.cgi endpoint, preventing unauthenticated attackers from configuring DMZ services.
- Least privilege: restricts DMZ configuration changes to authorized users or processes only, blocking unauthenticated exploitation.
- AC-14 (Permitted Actions Without Identification or Authentication): limits the actions allowed without identification or authentication to non-sensitive functions, so that DMZ service configuration requires authentication.