Login Sign Up

CVE-2024-44408

7.5 HIGH
Authentication Bypass

📋 TL;DR

The D-Link DIR-823G router version 1.0.2B05_20181207 allows unauthorized users to download configuration files containing plaintext passwords. This vulnerability exposes administrative credentials and device settings to attackers on the same network. Anyone using this specific router firmware version is affected.

💻 Affected Systems

Products:
  • D-Link DIR-823G
Versions: v1.0.2B05_20181207
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: This appears to be a default configuration vulnerability in the specified firmware version.

📦 What is this software?

Dir 823g Firmware by Dlink

View all CVEs affecting Dir 823g Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain administrative access to the router, change network settings, intercept traffic, install malware, or pivot to other devices on the network.

🟠

Likely Case

Local network attackers steal administrative credentials and modify router settings for malicious purposes like DNS hijacking or network monitoring.

🟢

If Mitigated

With proper network segmentation and access controls, the impact is limited to the local network segment containing the vulnerable device.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The exploit requires network access but no authentication, making it trivial for attackers on the same network.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No official vendor advisory found

Restart Required: No

Instructions:

Check D-Link's official support site for firmware updates. If available, download the latest firmware and apply it through the router's web interface.

🔧 Temporary Workarounds

Restrict network access

all

Place the router on an isolated network segment and restrict access to its management interface.

Change default credentials

all

Change administrative passwords immediately, though this may not fully mitigate the vulnerability if configuration files still contain plaintext passwords.

🧯 If You Can't Patch

  • Replace the vulnerable device with a supported model
  • Implement strict network segmentation to isolate the router from critical systems

🔍 How to Verify

Check if Vulnerable:

Check if you can access the configuration download URL without authentication (typically via HTTP request to router's configuration endpoint).

Check Version:

Log into router web interface and check firmware version in System Status or similar section.

Verify Fix Applied:

Verify that configuration files can no longer be downloaded without proper authentication.

📡 Detection & Monitoring

Log Indicators:

  • Unusual configuration file download requests
  • Multiple failed login attempts followed by configuration access

Network Indicators:

  • HTTP requests to configuration endpoints from unauthorized IP addresses
  • Unusual traffic patterns to router management interface

SIEM Query:

source_ip NOT IN authorized_admin_ips AND (url CONTAINS 'config' OR url CONTAINS 'configuration') AND destination_ip = router_ip

📊 Metadata

CVE ID: CVE-2024-44408
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-862
Published: September 6, 2024
Last Updated: September 10, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-44408, you might also want to check these:

CVE-2024-6071 10.0

CVE-2024-6071 is a critical remote code execution vulnerability in PTC Creo Elements/Direct License ...

Same vulnerability type (CWE-862)
CVE-2022-0543 10.0

CVE-2022-0543 is a critical Lua sandbox escape vulnerability in Redis on Debian-based systems that a...

Same vulnerability type (CWE-862)
CVE-2024-6500 10.0

This vulnerability allows unauthenticated attackers to read and delete arbitrary files on WordPress ...

Same vulnerability type (CWE-862)