CVE-2024-13030

7.3 HIGH

📋 TL;DR

This critical vulnerability in D-Link DIR-823G routers allows unauthorized attackers to remotely modify critical system settings through the web management interface. Attackers can manipulate functions like firewall settings, DMZ configuration, and QoS settings without proper authentication. All users of affected DIR-823G routers with the vulnerable firmware are at risk.

💻 Affected Systems

Products:
  • D-Link DIR-823G
Versions: 1.0.2B05_20181207
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the HNAP1 web management interface component. All devices running this specific firmware version are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete router compromise allowing attackers to reconfigure firewall rules, set up a DMZ exposing internal devices, disable security features, and potentially enable further attacks on the internal network.

🟠 Likely Case

Unauthorized modification of router settings leading to network disruption, traffic redirection, or exposure of internal services to the internet.

🟢 If Mitigated

Limited impact if proper network segmentation and access controls prevent external access to the router's management interface.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable and the web interface is typically internet-accessible on these devices.
🏢 Internal Only: MEDIUM - Internal attackers could exploit this if they gain network access, but requires specific knowledge of the vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details have been publicly disclosed on GitHub. The vulnerability allows unauthenticated access to multiple configuration endpoints.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: https://www.dlink.com.cn/about/article/news?id=2247

Restart Required: No

Instructions:

No official patch available. Check D-Link website for firmware updates. If unavailable, implement workarounds immediately.

🔧 Temporary Workarounds

Disable Remote Management

Applies to: all

Prevent external access to the router's web management interface.

Steps: Access router admin panel -> Advanced -> Remote Management -> Disable

Change Default Admin Credentials

Applies to: all

Use strong, unique passwords for router administration.

Steps: Access router admin panel -> Management -> Account -> Change password

Network Segmentation

Applies to: all

Isolate the router management interface to trusted networks only.

Steps: Configure firewall rules to restrict access to the router IP on ports 80/443

🧯 If You Can't Patch

  • Replace the router with a supported model that receives security updates
  • Place router behind a firewall that blocks all external access to its management interface

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router admin panel under System -> Firmware. If version is 1.0.2B05_20181207, device is vulnerable.

Check Version:

Run `curl -s http://router-ip/HNAP1/ | grep -i version` (replacing router-ip with the router's LAN address), or check the web interface.

Verify Fix Applied:

No official fix available. Verify workarounds by testing that remote access to /HNAP1/ endpoints is blocked.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized POST requests to /HNAP1/Set* endpoints
  • Multiple failed authentication attempts followed by configuration changes

Network Indicators:

  • External IP addresses accessing router management ports
  • Unusual configuration changes without admin login

SIEM Query:

source="router-logs" AND (uri="/HNAP1/Set*" AND NOT user="admin")
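The log and network indicators above, applied to a constructed access log as an added example (not part of the advisory or of D-Link's own tooling): it flags POSTs to /HNAP1/Set* endpoints that carry no admin session and marks those arriving from outside an assumed trusted LAN range. The log layout, the endpoint names in the sample and the 192.168.0.0/24 range are assumptions for the example.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample lines in an assumed "timestamp client method path status user" layout;
# a user of "-" means the request carried no authenticated admin session.
SAMPLE_LOG = """\
2024-01-05T10:12:01Z 192.168.0.23 GET /HNAP1/ 200 admin
2024-01-05T10:12:09Z 192.168.0.23 POST /HNAP1/SetFirewallSettings 200 admin
2024-01-05T10:15:40Z 203.0.113.7 POST /HNAP1/SetDMZSettings 200 -
2024-01-05T10:15:41Z 203.0.113.7 POST /HNAP1/SetQoSSettings 200 -
2024-01-05T10:16:02Z 192.168.0.50 POST /HNAP1/SetWLanSettings 200 -
2024-01-05T10:17:00Z 192.168.0.50 GET /HNAP1/GetDeviceSettings 200 -
"""
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3}) (\S+)$")
TRUSTED_NETS = [ipaddress.ip_network("192.168.0.0/24")]  # assumed LAN range

@dataclass
class Alert:
    timestamp: str
    client: str
    path: str
    reasons: list

def is_internal(client: str) -> bool:
    """True when the client address lies inside an assumed trusted LAN range."""
    try:
        return any(ipaddress.ip_address(client) in net for net in TRUSTED_NETS)
    except ValueError:  # unparsable address: treat as untrusted
        return False

def find_suspicious(log_text: str) -> list:
    """Flag POSTs to /HNAP1/Set* that lack an admin session or come from outside."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of crashing the pipeline
        ts, client, method, path, _status, user = m.groups()
        if method != "POST" or not path.startswith("/HNAP1/Set"):
            continue  # only configuration-changing HNAP1 calls matter here
        reasons = []
        if user == "-":
            reasons.append("unauthenticated HNAP1 Set* call")
        if not is_internal(client):
            reasons.append("external source")
        if reasons:
            alerts.append(Alert(ts, client, path, reasons))
    return alerts
```

An authenticated admin change from the LAN produces no alert, while the same endpoint hit without a session, or from a public address, does.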
