D-Link DIR-816 A2 Improper Access Control Vulnerability in DDNS Service

Vulnerability

A critical vulnerability has been identified in the D-Link DIR-816 A2 router, specifically in version 1.10CNB05_R1B011D88210. The issue resides in the DDNS service component, in the '/goform/DDNS' file. It is an improper access control flaw: unauthorized users can manipulate DDNS settings remotely without authentication.

Impact

Exploitation of this vulnerability could lead to unauthorized changes in the DDNS configuration, potentially allowing attackers to redirect traffic or create denial-of-service conditions.

Reproduction

To reproduce this vulnerability, send an unauthenticated HTTP POST request to the '/goform/DDNS' endpoint. Include the 'DDNS' header to manipulate the DDNS service settings on the device.

Remediation

It is recommended to implement proper firewall rules to block unauthorized access to the vulnerable DDNS service.
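
To check whether the endpoint is already being reached by hosts that should not manage the router, the following added example (not part of the original advisory and not D-Link code) scans HTTP request logs from a proxy or network sensor in front of the device for POST requests to '/goform/DDNS' that come from outside a management allowlist. The Common Log Format input, the allowlisted address and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: the only host allowed to change router settings (constructed value).
ADMIN_NETS = [ipaddress.ip_network("192.168.0.10/32")]
TARGET_PATH = "/goform/DDNS"  # endpoint named in the advisory

# Common Log Format: host ident user [time] "METHOD path PROTO" status size
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def is_admin(src):
    """True only if src parses as an IP inside the management allowlist."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # an unparsable source is never trusted
    return any(addr in net for net in ADMIN_NETS)

def find_ddns_writes(lines):
    """Return (timestamp, source, status) for POSTs to the DDNS handler
    that did not originate from an allowlisted management host."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Drop any query string and trailing slash; compare case-insensitively
        # so that path variants are flagged rather than missed.
        path = m["path"].split("?", 1)[0].rstrip("/")
        if path.lower() == TARGET_PATH.lower() and not is_admin(m["src"]):
            hits.append((m["ts"], m["src"], int(m["status"])))
    return hits

# Constructed sample lines, not captured from a real device.
SAMPLE_LOG = [
    '192.168.0.10 - - [09/Jun/2025:19:40:01 +0000] "POST /goform/DDNS HTTP/1.1" 200 112',
    '203.0.113.45 - - [09/Jun/2025:19:41:17 +0000] "POST /goform/DDNS HTTP/1.1" 200 112',
    '192.168.0.23 - - [09/Jun/2025:19:42:03 +0000] "GET / HTTP/1.1" 200 4096',
    '192.168.0.23 - - [09/Jun/2025:19:43:30 +0000] "POST /goform/ddns?x=1 HTTP/1.1" 200 112',
]

if __name__ == "__main__":
    for ts, src, status in find_ddns_writes(SAMPLE_LOG):
        print(f"{ts} unexpected DDNS change request from {src} (HTTP {status})")
```

Any hit from an address outside the allowlist is a reason to review the router's current DDNS configuration and to tighten the firewall rule that exposes the management interface.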

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 5.7
impact: 0.6
exploitability: 9.1
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.