An access control issue in the component formDMZ.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the DMZ service of the device via a crafted POST request.
The formDMZ.cgi component in D-Link DIR-816 firmware (version 816A2_FWv1.10CNB05_R1B011D88210) does not require authentication before processing POST requests. An attacker can send a specially crafted POST request to this endpoint, which results in changing the DMZ service configuration on the device. This is an access control flaw (CWE-276 — improper default permissions), consisting of the lack of a mechanism to verify user identity before performing administrative operations.
An attacker without any privileges can remotely modify the router's DMZ zone configuration, which may lead to network traffic redirection, violation of network segmentation, and enabling access to internal organizational resources from the outside.
Apply patches available from the manufacturer according to the references (https://www.dlink.com/en/security-bulletin/). Until the update is implemented, it is recommended to restrict access to the device's administrative interface only from trusted IP addresses and block access to the management panel from the WAN side.
D-Link DIR-816 with firmware version 816A2_FWv1.10CNB05_R1B011D88210
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDlink Dir 816
HWDlinka2Dlink Dir 816 Firmware
OSDlink1.10cnb05_r1b011d88210
Related vulnerabilities
RCE w D-Link DIR-816-A2 przez podatną funkcję system() w goahead
Stack-based buffer overflow w D-Link DIR-816 — funkcja QoSPortSetup
Stack-based buffer overflow w D-Link DIR-816 – funkcja qosClassifier
Stack-based buffer overflow w D-Link DIR-816 — zdalny atak bez uwierzytelnienia
D-Link DIR-816: Stack-based buffer overflow w /goform/form2lansetup.cgi