D-Link DIR-816 A2 Access Control Vulnerability in Virtual Service Handler

Vulnerability

A critical access control vulnerability has been identified in the D-Link DIR-816 A2 router, specifically in version 1.10CNB05_R1B011D88210. The issue arises from improper access controls in the Virtual Service Handler component, particularly within the file '/goform/form2AddVrtsrv.cgi'. This vulnerability allows unauthorized users to manipulate the service handler, potentially leading to unauthorized access or actions.

Impact

Exploitation of this vulnerability allows for unauthorized access to the virtual service handler, which could be used to manipulate or disrupt services on the router.

Reproduction

The vulnerability can be reproduced by sending a request to the '/goform/form2AddVrtsrv.cgi' endpoint without authentication. The lack of proper access controls allows the request to be processed, bypassing any necessary authorization.

Remediation

Users are advised to implement firewall rules to block unauthorized access to the vulnerable endpoint.
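One way to check that such a firewall rule is holding, shown as an added example that is not part of the original advisory: the script scans HTTP request logs for hits on the endpoint from hosts outside an allowed management range. It assumes an upstream gateway or sensor writes Common Log Format; the management subnet and the sample log lines are constructed.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote

# Endpoint named in the advisory, case-folded so case variants are also flagged.
VULN_PATH = "/goform/form2addvrtsrv.cgi"
# Assumption: hosts allowed to manage the router (mirror your firewall rule here).
ADMIN_NETS = [ipaddress.ip_network("192.168.0.0/29")]

# Common Log Format: client ident user [time] "METHOD target PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')

def normalize(target):
    """Drop the query, percent-decode once, and collapse ./ ../ and // segments."""
    path = unquote(target.split("?", 1)[0].split("#", 1)[0])
    return posixpath.normpath("/" + path.lstrip("/")).lower()

def is_admin(client):
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:
        return False  # an unparseable client field is treated as untrusted
    return any(addr in net for net in ADMIN_NETS)

def find_violations(lines):
    """Return (time, client, method, status) for endpoint hits from non-admin hosts."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue
        client, when, method, target, status = m.groups()
        if normalize(target) == VULN_PATH and not is_admin(client):
            hits.append((when, client, method, int(status)))
    return hits

def not_blocked(hits):
    """Hits answered with a non-error status: the block rule did not stop them."""
    return [h for h in hits if h[3] < 400]

# Constructed sample log lines (not taken from the advisory).
SAMPLE = [
    '192.168.0.2 - - [09/Jun/2025:19:40:01 +0000] "POST /goform/form2AddVrtsrv.cgi HTTP/1.1" 200 512',
    '192.168.0.77 - - [09/Jun/2025:19:41:12 +0000] "POST /goform/form2AddVrtsrv.cgi HTTP/1.1" 200 512',
    '203.0.113.9 - - [09/Jun/2025:19:42:30 +0000] "POST /goform/%66orm2AddVrtsrv.cgi?x=1 HTTP/1.1" 403 0',
    '192.168.0.77 - - [09/Jun/2025:19:43:05 +0000] "GET /index.asp HTTP/1.1" 200 1024',
    '198.51.100.4 - - [09/Jun/2025:19:44:50 +0000] "GET /goform/./form2AddVrtsrv.cgi HTTP/1.1" 200 88',
]
```

Any entry returned by not_blocked() means a request from outside the management range reached the endpoint and was answered, so the rule needs tightening.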

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.7
impact: 5.0
exploitability: 9.1
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.