CVE-2024-33110

CVSS 9.1 CRITICAL

📋 TL;DR

The D-Link DIR-845L router has a permission (authentication) bypass in the getcfg.php component: an attacker who can reach the web interface can request configuration data without logging in. Firmware versions up to and including v1.01KRb03 are affected. Because the exported configuration can include the router's administrator credentials, the bypass is a direct path to full administrative control of the device.

💻 Affected Systems

Products:
  • D-Link DIR-845L
Versions: All versions up to and including v1.01KRb03
Operating Systems: Router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: The affected build (v1.01KRb03) is Korean-region firmware. No configuration change is needed to expose the flaw; getcfg.php answers unauthenticated requests in the default configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete router compromise: credential theft, interception or redirection of traffic passing through the device (for example by changing the DNS servers handed out to clients), malicious firmware or persistent configuration changes, and use of the router as a pivot into the internal network.

🟠 Likely Case

Theft of the router credentials from the exported configuration, followed by administrative logins and configuration changes; firmware modification becomes possible once administrative access is held.

🟢 If Mitigated

Limited impact if the management interface is unreachable from the WAN and the LAN is segmented so that only trusted hosts can reach the router's web interface. The bypass needs no credentials, so any host that can reach the interface, including guest Wi-Fi clients if they are not isolated, can still pull the configuration.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices, making them directly accessible to attackers.
🏢 Internal Only: MEDIUM - Internal attackers could exploit this if they gain network access, though external exploitation is more likely.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept demonstrates simple HTTP request exploitation. No authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: No

Instructions:

No official patch is listed here. Check the D-Link support site for firmware for your exact hardware revision (printed on the device label; D-Link publishes firmware per revision). If no fixed firmware exists, replace the device; until then apply the workarounds below.

🔧 Temporary Workarounds

Disable WAN Management

Platform: all

Prevent external access to the router management interface, so the vulnerable page is not reachable from the internet.

Access the router admin panel -> Security -> Remote Management -> Disable (the exact menu location varies between firmware versions). This removes WAN exposure only: any host on the LAN or Wi-Fi can still request getcfg.php without credentials, so pair it with segmentation.

Block getcfg.php Access

Platform: linux (a Linux firewall in the path to the router, not the router itself)

Use a payload string match to drop requests for the vulnerable component. This only works on a Linux box that sits between the attacker and the router, since the DIR-845L firmware offers no way to add such a rule, and it is a weak control: the match inspects one packet at a time (a request split across TCP segments slips past), and it does nothing for HTTPS. On the upstream firewall use the FORWARD chain, pin the rule to the router's address, and match case-insensitively:

iptables -A FORWARD -d [router-ip] -p tcp --dport 80 -m string --string "getcfg.php" --algo bm --icase -j DROP

🧯 If You Can't Patch

  • Replace router with supported model
  • Isolate router in separate VLAN with strict firewall rules

🔍 How to Verify

Check if Vulnerable:

Send HTTP GET request to http://[router-ip]/getcfg.php and check if configuration data is returned without authentication

Check Version:

The firmware version is shown in the router web interface (status or device information page); compare it with v1.01KRb03. A scan such as nmap -sV -p80 [router-ip] fingerprints the web server and may identify the device model, but it rarely reports the firmware version, so treat it as a triage aid rather than the authoritative check.

Verify Fix Applied:

Repeat the same request after applying the workarounds, from an address that should no longer have access (the WAN side, and an untrusted LAN segment): it should fail to connect, be dropped, or return an error or login page with no configuration data.
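The unauthenticated check described above, written out as an added example (not code from this page or from D-Link). It sends the plain credential-less GET to /getcfg.php and classifies the response. The strings it looks for in a leaked configuration (`<password>`, `<ssid>`, and so on) and on a login page are assumptions, since the page does not show the response format; inspect one real response by hand and adjust them. Run it only against devices you own or are authorised to test.

```python
"""Unauthenticated getcfg.php check for CVE-2024-33110 (added example).

Run only against devices you own or are authorised to test.
"""
import http.client
import sys

# Strings that suggest a configuration dump came back. These are ASSUMPTIONS
# for illustration: the page does not specify the response format, so look at
# one real response by hand and adjust them before relying on the verdict.
CONFIG_MARKERS = ("<password>", "<admin", "<ssid>", "<wlan", "<pppoe", "<passphrase>")
# Strings that suggest the request was bounced to a login page instead.
LOGIN_MARKERS = ("login", "authenticat", "password required")


def classify(status, body):
    """Classify one HTTP response to GET /getcfg.php.

    Returns 'VULNERABLE', 'NOT_VULNERABLE' or 'INCONCLUSIVE'.
    """
    text = body.lower()
    if status in (301, 302, 303, 307, 401, 403):
        # Redirected to a login page or refused outright: auth is enforced.
        return "NOT_VULNERABLE"
    if status == 200:
        if any(marker in text for marker in CONFIG_MARKERS):
            return "VULNERABLE"
        if not text.strip() or any(marker in text for marker in LOGIN_MARKERS):
            return "NOT_VULNERABLE"
    # Anything else (5xx, 404, or a 200 we cannot interpret) needs a human look.
    return "INCONCLUSIVE"


def fetch(host, port=80, timeout=5.0):
    """Send the plain, credential-less GET the advisory describes."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/getcfg.php",
                     headers={"User-Agent": "cve-2024-33110-check"})
        resp = conn.getresponse()
        return resp.status, resp.read().decode("utf-8", errors="replace")
    finally:
        conn.close()


def check_router(host, port=80):
    """Fetch and classify; returns (verdict, http_status, body_length)."""
    status, body = fetch(host, port)
    return classify(status, body), status, len(body)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: python3 check_getcfg.py <router-ip>")
    verdict, status, size = check_router(sys.argv[1])
    print(f"{sys.argv[1]}: HTTP {status}, {size} bytes -> {verdict}")
```

Run it once before the workarounds (from the LAN) and again afterwards from the WAN side and from an untrusted segment; a connection error, a drop, or a NOT_VULNERABLE verdict in the second run means the exposure is closed from that vantage point, while INCONCLUSIVE means you should read the body yourself.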

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to getcfg.php from unusual IPs
  • Multiple failed login attempts followed by getcfg.php access

Network Indicators:

  • Unusual outbound connections from the router to destinations you did not configure
  • Sizeable responses to /getcfg.php requests in proxy, IDS or packet captures, which indicate a configuration export

SIEM Query:

source="router_logs" AND uri="/getcfg.php*" AND NOT src_ip IN [admin_ips]

(The trailing wildcard also catches requests carrying a query string; adapt the wildcard syntax to your SIEM.)
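To make the log indicators and the SIEM query concrete, here is an added detection example (not from this page or from D-Link). It parses a small constructed log in an assumed key=value format (real DIR-845L syslog output differs, so `parse_line` will need adapting), flags any getcfg.php request from an address outside the admin allow-list, and raises the severity when the same source had several failed logins in the preceding window, which is the second indicator listed above. The admin address and the `login_failed` event name are assumptions.

```python
"""Detection logic for the getcfg.php indicators (added example).

Assumed log format (constructed for this example; real DIR-845L syslog output
differs, so adapt parse_line):
    <ISO-8601 timestamp> src=<ip> event=http method=<m> uri=<path> status=<code>
    <ISO-8601 timestamp> src=<ip> event=login_failed
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumption: addresses that are allowed to manage the router.
ADMIN_IPS = {"192.0.2.10"}

# Constructed sample log, not real device output.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z src=192.0.2.10 event=http method=GET uri=/getcfg.php status=200
2024-05-01T10:05:11Z src=203.0.113.7 event=login_failed
2024-05-01T10:05:14Z src=203.0.113.7 event=login_failed
2024-05-01T10:05:19Z src=203.0.113.7 event=login_failed
2024-05-01T10:05:30Z src=203.0.113.7 event=http method=GET uri=/getcfg.php?a=1 status=200
2024-05-01T11:00:00Z src=198.51.100.4 event=http method=GET uri=/index.php status=200
2024-05-01T11:02:00Z src=198.51.100.4 event=http method=GET uri=/getcfg.php status=200
2024-05-01T12:00:00Z src=203.0.113.9 event=login_failed
2024-05-01T12:30:00Z src=203.0.113.9 event=http method=GET uri=/getcfg.php status=200
"""


def parse_line(line):
    """Split one log line into a dict of fields plus a parsed 'ts'."""
    ts, _, rest = line.partition(" ")
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return fields


def is_getcfg(uri):
    """Match the vulnerable page regardless of case or query string."""
    return uri.split("?", 1)[0].lower().endswith("/getcfg.php")


def detect(log_text, admin_ips=ADMIN_IPS, fail_threshold=3,
           window=timedelta(minutes=10)):
    """Return alerts as (timestamp, src, severity, reason) tuples.

    MEDIUM: getcfg.php requested from an address outside admin_ips.
    HIGH:   the same, after >= fail_threshold failed logins from that address
            within `window` (the brute-force-then-export pattern).
    """
    alerts = []
    failures = defaultdict(deque)   # src -> timestamps of recent failed logins

    def prune(queue, now):
        # Drop failed logins that fall outside the correlation window.
        while queue and now - queue[0] > window:
            queue.popleft()

    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        src, ts = ev["src"], ev["ts"]
        if ev.get("event") == "login_failed":
            failures[src].append(ts)
            prune(failures[src], ts)
        elif ev.get("event") == "http" and is_getcfg(ev.get("uri", "")):
            if src in admin_ips:
                continue            # expected management traffic
            prune(failures[src], ts)
            n = len(failures[src])
            if n >= fail_threshold:
                alerts.append((ts, src, "HIGH",
                               f"{n} failed logins then getcfg.php access"))
            else:
                alerts.append((ts, src, "MEDIUM",
                               "getcfg.php access from non-admin address"))
    return alerts


if __name__ == "__main__":
    for ts, src, sev, reason in detect(SAMPLE_LOG):
        print(f"{ts:%Y-%m-%d %H:%M:%S} {sev:6} {src:15} {reason}")
```

On the sample log this yields one HIGH alert (three failed logins from 203.0.113.7 followed by the export) and two MEDIUM alerts; the single failed login from 203.0.113.9 is thirty minutes before its getcfg.php request and therefore outside the window. Tune the threshold and window to the login-failure rate you actually see.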
