CVE-2024-57045 – This critical vulnerability in D-Link DIR-859 r... (How to Fix)

Q: What is the severity of CVE-2024-57045?

CVE-2024-57045 has a CVSS score of 9.8 (CRITICAL). This critical vulnerability in D-Link DIR-859 routers allows attackers to bypass authentication by forging POST requests to the /getcfg.php page, potentially exposing administrative credentials. Attackers can gain full control of affected routers. All users of DIR-859 routers with firmware version A3 1.05 or earlier are affected.

📋 TL;DR

This critical vulnerability in D-Link DIR-859 routers allows attackers to bypass authentication by forging POST requests to the /getcfg.php page, potentially exposing administrative credentials. Attackers can gain full control of affected routers. All users of DIR-859 routers with firmware version A3 1.05 or earlier are affected.

💻 Affected Systems

Products:

D-Link DIR-859 Wireless AC1750 Dual Band Gigabit Router

Versions: Firmware version A3 1.05 and earlier

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations are vulnerable. No special configuration required for exploitation.

📦 What is this software?

Dir 859 A3 Firmware by Dlink

View all CVEs affecting Dir 859 A3 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete router compromise allowing attacker to intercept all network traffic, install malware, pivot to internal networks, and permanently backdoor the device.

🟠

Likely Case

Attacker gains administrative access to router, changes DNS settings to redirect traffic, steals credentials from connected devices, and disables security features.

🟢

If Mitigated

Limited impact if router is behind firewall with strict inbound rules, though internal network exposure remains possible.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices directly accessible from the internet, making them prime targets.

🏢 Internal Only: MEDIUM - If router web interface is accessible internally, attackers on the local network can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Simple HTTP POST request manipulation required. No authentication needed. Public GitHub repository contains exploitation details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check D-Link website for latest firmware (likely version A3 1.06 or newer)

Vendor Advisory: https://www.dlink.com/en/security-bulletin/

Restart Required: Yes

Instructions:

1. Visit D-Link support website. 2. Download latest firmware for DIR-859. 3. Log into router admin interface. 4. Navigate to System > Firmware Update. 5. Upload and install new firmware. 6. Router will reboot automatically.

🔧 Temporary Workarounds

Disable Remote Management

all

Prevents external access to router web interface

Change Default Admin Credentials

all

While this doesn't fix the bypass, it limits damage if credentials are exposed

🧯 If You Can't Patch

Replace router with supported model
Place router behind dedicated firewall with strict inbound rules blocking port 80/443

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under System > Firmware. If version is A3 1.05 or earlier, device is vulnerable.

Check Version:

curl -s http://router-ip/ | grep -i firmware or check web interface

Verify Fix Applied:

After updating, verify firmware version shows as newer than A3 1.05. Test authentication bypass by attempting to access /getcfg.php with forged POST request.

📡 Detection & Monitoring

Log Indicators:

Multiple POST requests to /getcfg.php
Failed login attempts followed by successful admin access
Unusual admin login from unexpected IP addresses

Network Indicators:

HTTP POST requests to /getcfg.php with crafted parameters
Traffic to router on port 80/443 from external IPs

SIEM Query:

source="router-logs" AND (url="/getcfg.php" OR (event="login" AND result="success" AND source_ip NOT IN [trusted_ips]))

📊 Metadata

CVE ID: CVE-2024-57045

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-287

EPSS Score: 74.5% exploit probability (98.8th percentile)

Published: February 18, 2025

Last Updated: May 21, 2025

🔗 References

https://github.com/Shuanunio/CVE_Requests/blob/main/D-Link/DIR-859/ACL%20bypass%20Vulnerability%20in%20D-Link%20DIR-859.md Exploit,Third Party Advisory
https://www.dlink.com/en/security-bulletin/ Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-57045, you might also want to check these: