Primary

Context

D-Link DIR-816 Access Control Vulnerability in AGL Service

Vulnerability

Patched

An access control vulnerability has been identified in the D-Link DIR-816 router, specifically in the component form2alg.cgi. This vulnerability allows unauthenticated attackers to manipulate the AGL service of the device by sending a crafted POST request.

Impact

Exploitation of this vulnerability could lead to unauthorized changes to the AGL service on the affected device.

Reproduction

To reproduce this vulnerability, send a POST request to the form2alg.cgi component of the D-Link DIR-816 router. The request must be crafted to manipulate the AGL service, taking advantage of the lack of authentication checks.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

0.6

exploitability

9.1

remediation

7.7

relevance

0.0

threat

6.4

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

0.6

exploitability

9.1

remediation

7.7

relevance

0.0

threat

6.4

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

D-Link DIR-816 Access Control Vulnerability in AGL Service

Vulnerability

Impact

Reproduction

Affected Products

D-Link DIR-816

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating