CVE-2024-13106: D-Link DIR-816 A2 IP QoS form2IPQoSTcAdd access control
First published: Thu Jan 02 2025(Updated: )
A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 and classified as critical. Affected by this issue is some unknown functionality of the file /goform/form2IPQoSTcAdd of the component IP QoS Handler. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| D-Link DIR-816 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-13106?
CVE-2024-13106 is classified as a critical severity vulnerability.
How does CVE-2024-13106 affect D-Link DIR-816 A2 devices?
CVE-2024-13106 affects the improper access controls in the IP QoS Handler component of D-Link DIR-816 A2 firmware.
How can I fix CVE-2024-13106?
To mitigate CVE-2024-13106, users should update their D-Link DIR-816 A2 firmware to the latest version provided by the vendor.
What are the implications of CVE-2024-13106 if exploited?
Exploitation of CVE-2024-13106 can lead to unauthorized access and manipulation of network QoS settings.
Is there a workaround for CVE-2024-13106?
Currently, the best workaround for CVE-2024-13106 is to restrict access to the affected functionalities until a firmware update is applied.
- agent/weakness
- agent/references
- agent/title
- agent/type
- agent/description
- agent/first-publish-date
- agent/severity
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/d-link
- canonical/d-link dir-816