| Title | D-Link DIR-823G V1.0.2B05_20181207 Improper Access Controls |
|---|
| Description | An improper access control vulnerability exists in the web management interface of DIR823G_V1.0.2B05_20181207. By sending a specially crafted unauthenticated HTTP POST request to the `/HNAP1/` endpoint with the `SOAPAction` header set to `SetDDNSSettings`, an attacker can enable or disable the DDNS service of the device. |
|---|
| Source | ⚠️ https://lavender-bicycle-a5a.notion.site/D-Link-DIR-823G-SetDDNSSettings-1ac53a41781f80d98649dd3cbe106e9b?pvs=4 |
|---|
| User | wxhwxhwxh_mie (UID 66748) |
|---|
| Submission | 03/04/2025 05:38 AM (4 months ago) |
|---|
| Moderation | 03/15/2025 11:21 PM (12 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 299826 [D-Link DIR-823G 1.0.2B05_20181207 DDNS Service /HNAP1/ SetDDNSSettings SOAPAction improper authorization] |
|---|
| Points | 16 |
|---|