CVE-2024-13030

CVSS 2.0 Score 7.5 of 10 (high)

Details

Published Dec 30, 2024

CWE ID 284

CWE ID 266

Summary

CVE-2024-13030 is a critical vulnerability affecting the Web Management Interface component of D-Link DIR-823G 1.0.2B05_20181207. This issue enables an attacker to manipulate the access controls of the following functions: SetAutoRebootSettings, SetClientInfo, SetDMZSettings, SetFirewallSettings, SetParentsControlInfo, SetQoSSettings, and SetVirtualServerSettings, located in the /HNAP1/ file. The exploit can be initiated remotely, making it a significant security risk. Public disclosure of the exploit increases the likelihood of attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2AeEzp
https://www.cve.org/CVERecord?id=CVE-2024-13030
https://nvd.nist.gov/vuln/detail/CVE-2024-13030

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

Know What Matters

For Customers

For Partners

CVE-2024-13030

CVSS 2.0 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations