D-Link DIR-816 Access Control Vulnerability in form2WlAc.cgi Allowing Unauthenticated MAC ACL Modification

Vulnerability

An access control vulnerability has been identified in the D-Link DIR-816 router, in firmware version 816A2_FWv1.10CNB05_R1B011D88210. It allows unauthenticated attackers to manipulate the MAC access control list for both the 2.4GHz and 5GHz bands by sending a crafted POST request to the device.

Impact

Exploitation of this vulnerability allows for unauthorized modification of the MAC access control list, potentially leading to unauthorized network access or interference with network connectivity.

Reproduction

To reproduce this vulnerability, send a POST request to the DIR-816 router's form2WlAc.cgi component. The request must be crafted to include the desired changes to the MAC access control list for the 2.4GHz and 5GHz bands. No authentication is required to make this change.
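For detection, the following is an added example (not part of the original advisory or any vendor tooling) that scans HTTP request logs from a sensor or proxy in front of the router for POSTs to form2WlAc.cgi that come from hosts outside an admin allowlist. The combined log format, the allowlist, the addresses and the sample lines are assumptions constructed for illustration; the advisory does not give the component's full path, so the check keys on the last path segment only.

```python
import re
from collections import Counter

# Assumption: hosts that are allowed to administer the router (constructed value).
ADMIN_HOSTS = {"192.0.2.10"}
TARGET = "form2wlac.cgi"  # component named in the advisory, lower-cased

# Assumed combined log format: src ident user [time] "METHOD path PROTO" status size
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_acl_writes(lines, admin_hosts=ADMIN_HOSTS):
    """Count POSTs to form2WlAc.cgi per source, ignoring allowlisted admin hosts."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # unparseable line, or a request that cannot change the ACL
        # Drop the query string and compare the last path segment.
        # Case-insensitive on purpose: over-matching is the safer error here.
        segment = m["path"].split("?", 1)[0].rsplit("/", 1)[-1].lower()
        if segment == TARGET and m["src"] not in admin_hosts:
            hits[m["src"]] += 1
    return hits

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Jun/2025:19:40:01 +0000] "POST /form2WlAc.cgi HTTP/1.1" 200 512',
    '198.51.100.7 - - [09/Jun/2025:19:41:12 +0000] "POST /form2WlAc.cgi HTTP/1.1" 200 512',
    '198.51.100.7 - - [09/Jun/2025:19:41:15 +0000] "POST /FORM2WLAC.CGI?x=1 HTTP/1.1" 200 512',
    '198.51.100.9 - - [09/Jun/2025:19:42:00 +0000] "GET /form2WlAc.cgi HTTP/1.1" 200 90',
    '198.51.100.9 - - [09/Jun/2025:19:42:05 +0000] "POST /index.cgi HTTP/1.1" 200 90',
    'truncated or malformed line',
]

if __name__ == "__main__":
    for src, count in find_acl_writes(SAMPLE_LOG).items():
        print(f"{src}: {count} POST(s) to form2WlAc.cgi from a non-admin host")
```

Because the request needs no authentication, any hit from a non-admin source is worth comparing against the router's current MAC access control list for both bands.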

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 0.6
exploitability: 9.1
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.