CVE-2024-57045

Vulnerability

An authentication bypass vulnerability exists in the D-Link DIR-859 router running firmware version A3 1.05 and earlier [1][2]. The flaw resides in the /getcfg.php page, which improperly handles POST parameters. An attacker can forge a request containing SERVICES=DEVICE.ACCOUNT%0aAUTHORIZED_GROUP=1 to bypass the authorization check and retrieve sensitive device account information including usernames and passwords [1].

Exploitation

An attacker needs network access to the router's web interface (typically LAN or Wi-Fi) and no prior authentication. By sending a crafted POST request to http://target/getcfg.php with the payload SERVICES=DEVICE.ACCOUNT%0aAUTHORIZED_GROUP=1, the router returns account credentials instead of the usual "Not authorized" response [1]. The attack does not require any user interaction or special privileges.

Impact

Successful exploitation allows an unauthenticated attacker to obtain administrative credentials for the router. This leads to a full compromise of the device, enabling the attacker to modify settings, intercept traffic, or pivot to other network resources. The confidentiality of stored credentials is directly breached, and the attacker gains the same privileges as an administrator [1].

Mitigation

D-Link has not released a firmware patch for this vulnerability as of the publication date (2025-02-18) [2]. The DIR-859 router is an end-of-life (EOL) product, and no security updates are planned. Users are advised to replace the device with a supported model or isolate it from untrusted network segments. No workaround is available [1][2].