D-Link DIR-816 Access Control Vulnerability in formDMZ.cgi Allowing Unauthenticated DMZ Configuration

Vulnerability

An access control vulnerability has been identified in the D-Link DIR-816 router, firmware version 816A2_FWv1.10CNB05_R1B011D88210. Unauthenticated attackers can change the device's DMZ service settings by sending a crafted POST request. The issue is in the formDMZ.cgi component, where inadequate access controls permit unauthorized modification of the DMZ configuration.

Impact

Exploitation of this vulnerability allows for unauthorized modification of the DMZ service settings on the affected router.
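
The following detection check is an added example, not part of the advisory and not D-Link code. It scans HTTP logs from a sensor or proxy in front of the router's management interface and flags POST requests to formDMZ.cgi from hosts outside an admin allowlist. The log format, the allowlist, the URL paths and the sample lines are constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Assumption: hosts that are allowed to change router settings.
ADMIN_NETS = [ipaddress.ip_network("192.168.0.10/32")]
TARGET = "formdmz.cgi"  # component named in the advisory, lowercased

# Assumed sensor log format: "<timestamp> <src_ip> <method> <uri> <status>"
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")

def is_admin(src):
    addr = ipaddress.ip_address(src)  # raises ValueError on a bad address
    return any(addr in net for net in ADMIN_NETS)

def targets_dmz_handler(uri):
    # Drop the query string, decode percent-escapes, then compare the last
    # path segment case-insensitively so encoded or re-cased URIs still match.
    path = unquote(urlsplit(uri).path)
    return path.rstrip("/").rsplit("/", 1)[-1].lower() == TARGET

def find_suspect_dmz_changes(lines):
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in the assumed format
        ts, src, method, uri, status = m.groups()
        if method.upper() != "POST" or not targets_dmz_handler(uri):
            continue
        try:
            if is_admin(src):
                continue
        except ValueError:
            pass  # unparseable source address: report it rather than drop it
        hits.append({"time": ts, "src": src, "uri": uri, "status": int(status)})
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2025-06-09T19:40:01Z 192.168.0.10 POST /formDMZ.cgi 200",
    "2025-06-09T19:41:12Z 192.168.0.57 POST /formDMZ.cgi 200",
    "2025-06-09T19:41:30Z 192.168.0.57 GET /index.html 200",
    "2025-06-09T19:42:05Z 203.0.113.9 POST /x/form%44MZ.cgi?a=1 200",
    "malformed line",
]

if __name__ == "__main__":
    for hit in find_suspect_dmz_changes(SAMPLE_LOG):
        print(hit)
```

Because the flaw is missing authentication, any hit from a non-admin source should be followed by a review of the router's current DMZ setting.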

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 6.8
impact: 0.6
exploitability: 9.1
remediation: 0.0
relevance: 0.0
threat: 6.5
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.