CVE-2024-57045
Published: 18 February 2025
Description
Adversaries may access network configuration files to collect sensitive data about the device and the network.
Security Summary
CVE-2024-57045 is an authentication bypass vulnerability (CWE-287) in the D-Link DIR-859 router running firmware version A3 1.05 and earlier. The issue allows unauthorized individuals to circumvent authentication mechanisms by forging a POST request to the /getcfg.php page, enabling them to retrieve the username and password.
The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), making it remotely exploitable over the network with low attack complexity and no user interaction or privileges required. Attackers who reach the affected router can obtain administrative credentials, potentially leading to full compromise of the device with high impacts on confidentiality, integrity, and availability.
Mitigation guidance is available in vendor advisories, including the D-Link security bulletin at https://www.dlink.com/en/security-bulletin/ and a detailed disclosure on GitHub at https://github.com/Shuanunio/CVE_Requests/blob/main/D-Link/DIR-859/ACL%20bypass%20Vulnerability%20in%20D-Link%20DIR-859.md. The vulnerability was published on 2025-02-18.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The authentication bypass vulnerability in the D-Link DIR-859 router's web interface (public-facing application) enables initial access via exploitation (T1190) and allows forging requests to /getcfg.php for network device configuration dump to obtain credentials (T1602.002).