D-Link DIR-816 Access Control Vulnerability in form2PortriggerRule.cgi Allowing Unauthenticated Port Triggering

Vulnerability

An access control vulnerability has been identified in the D-Link DIR-816 router, specifically in the firmware version 816A2_FWv1.10CNB05_R1B011D88210. The issue allows unauthenticated attackers to manipulate the port triggering settings of the device by sending a crafted POST request. This vulnerability arises from inadequate access controls in the affected CGI component, form2PortriggerRule.cgi.

Impact

Exploitation of this vulnerability allows for unauthorized modification of the port triggering settings on the affected D-Link DIR-816 router.

Reproduction

To reproduce this vulnerability, send a POST request to the form2PortriggerRule.cgi endpoint on a D-Link DIR-816 router running the vulnerable firmware version. The request must be crafted to include the desired port triggering settings, which the router will apply without requiring authentication.
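For detection, the sketch below scans HTTP request logs for POSTs to form2PortriggerRule.cgi that come from outside the hosts expected to administer the router. It is an added example, not code from the advisory or from D-Link. The Common Log Format input, the management network list, the sample log lines and the function name find_suspect_posts are all assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Endpoint name from the advisory. Its directory is not given there, so only
# the final path component is compared.
ENDPOINT = "form2portriggerrule.cgi"

# Assumption: HTTP requests to the router are logged in Common Log Format
# by an inline proxy or network sensor.
CLF = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation addresses, placeholder directory).
SAMPLE = [
    '192.168.0.10 - - [09/Jun/2025:19:40:01 +0000] "POST /form2PortriggerRule.cgi HTTP/1.1" 200 512',
    '203.0.113.7 - - [09/Jun/2025:19:41:13 +0000] "POST /placeholder-dir/form2PortriggerRule.cgi HTTP/1.1" 200 512',
    '203.0.113.7 - - [09/Jun/2025:19:41:20 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '198.51.100.23 - - [09/Jun/2025:19:42:02 +0000] "POST /form2PortriggerRule%2Ecgi?x=1 HTTP/1.1" 302 0',
]

def find_suspect_posts(lines, mgmt_networks):
    """Return (timestamp, source, status) for each POST to the port-trigger
    CGI whose source is outside the networks allowed to manage the router."""
    allowed = [ipaddress.ip_network(n) for n in mgmt_networks]
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m or m["method"] != "POST":
            continue
        # Drop the query string and decode percent-escapes before comparing.
        path = unquote(urlsplit(m["target"]).path)
        if path.rsplit("/", 1)[-1].lower() != ENDPOINT:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
            trusted = any(src in net for net in allowed)
        except ValueError:
            trusted = False  # source logged as a hostname: treat as untrusted
        if not trusted:
            hits.append((m["ts"], m["src"], m["status"]))
    return hits

if __name__ == "__main__":
    for ts, src, status in find_suspect_posts(SAMPLE, ["192.168.0.0/24"]):
        print(f"{ts} POST to {ENDPOINT} from {src} (HTTP {status})")
```

Because the advisory states that the router applies these requests without authentication, the HTTP status alone does not distinguish a legitimate change from an unauthorized one; the source address is the usable signal here.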

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 6.8
impact: 0.6
exploitability: 9.1
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.