CVE-2024-0717: CWE-200 Information Disclosure in D-Link DAP-1360
A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability.
AI Analysis
Technical Summary
CVE-2024-0717 is an information disclosure vulnerability (CWE-200) affecting multiple D-Link router models, including but not limited to DAP-1360, DIR-300, DIR-615 series, DIR-820 series, DIR-825 series, DIR-841, DIR-842, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL series, DVG series, DWM series, and Good Line Router v2 up to firmware version 20240112. The vulnerability resides in the HTTP GET Request Handler component, specifically in the /devinfo endpoint. By manipulating the 'area' argument with inputs such as 'notice', 'net', or 'version', an attacker can remotely retrieve sensitive information from the device without authentication or user interaction. The disclosed information could include device configuration details, firmware version, network parameters, or other internal data that could facilitate further attacks or reconnaissance. The vulnerability has a CVSS 3.1 base score of 5.3, indicating a medium severity level, with an attack vector of network (remote), low attack complexity, no privileges required, and no user interaction needed. Although no public exploits are currently known in the wild, the vulnerability details have been publicly disclosed, increasing the risk of exploitation. The affected devices are widely deployed in both consumer and small business environments, making the vulnerability relevant for a broad user base. The lack of authentication requirement and ease of exploitation elevate the risk of unauthorized information disclosure, potentially aiding attackers in crafting targeted attacks or gaining deeper access to affected networks.
Potential Impact
For European organizations, the impact of CVE-2024-0717 can be significant, especially for small and medium enterprises (SMEs) and home office environments relying on vulnerable D-Link routers. The unauthorized disclosure of device information can lead to exposure of network topology, firmware versions, and configuration details, which attackers can leverage to identify further vulnerabilities or launch targeted attacks such as credential theft, network intrusion, or lateral movement. While the vulnerability itself does not directly allow code execution or denial of service, the information gained can be a critical enabler for more severe attacks. In sectors with stringent data protection requirements such as finance, healthcare, and critical infrastructure, even indirect compromise through network devices can lead to regulatory non-compliance and reputational damage. Additionally, the widespread use of these D-Link models in European households and small businesses increases the attack surface, potentially allowing attackers to build botnets or conduct large-scale reconnaissance campaigns. The medium severity rating suggests that while immediate catastrophic impact is unlikely, the vulnerability should be addressed promptly to prevent escalation.
Mitigation Recommendations
1. Firmware Update: Organizations and users should verify if D-Link has released firmware updates addressing CVE-2024-0717 and apply them immediately. If no official patch is available, monitor vendor communications closely. 2. Network Segmentation: Isolate vulnerable routers from critical internal networks to limit the impact of potential information disclosure. 3. Access Controls: Restrict remote management access to trusted IP addresses only, preferably disabling WAN-side HTTP access to router management interfaces. 4. Use of VPNs: For remote management, enforce VPN usage to add an authentication layer and encrypt management traffic. 5. Monitoring and Logging: Implement network monitoring to detect unusual HTTP GET requests targeting /devinfo or suspicious patterns indicative of exploitation attempts. 6. Device Replacement: For environments where patching is not feasible or devices are end-of-life, consider replacing vulnerable routers with models that have active security support. 7. Security Awareness: Educate users and administrators about the risks of exposing router management interfaces and encourage best practices in router configuration. These steps go beyond generic advice by focusing on practical network architecture changes and proactive monitoring tailored to this specific vulnerability.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Austria
CVE-2024-0717: CWE-200 Information Disclosure in D-Link DAP-1360
Description
A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability.
AI-Powered Analysis
Technical Analysis
CVE-2024-0717 is an information disclosure vulnerability (CWE-200) affecting multiple D-Link router models, including but not limited to DAP-1360, DIR-300, DIR-615 series, DIR-820 series, DIR-825 series, DIR-841, DIR-842, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL series, DVG series, DWM series, and Good Line Router v2 up to firmware version 20240112. The vulnerability resides in the HTTP GET Request Handler component, specifically in the /devinfo endpoint. By manipulating the 'area' argument with inputs such as 'notice', 'net', or 'version', an attacker can remotely retrieve sensitive information from the device without authentication or user interaction. The disclosed information could include device configuration details, firmware version, network parameters, or other internal data that could facilitate further attacks or reconnaissance. The vulnerability has a CVSS 3.1 base score of 5.3, indicating a medium severity level, with an attack vector of network (remote), low attack complexity, no privileges required, and no user interaction needed. Although no public exploits are currently known in the wild, the vulnerability details have been publicly disclosed, increasing the risk of exploitation. The affected devices are widely deployed in both consumer and small business environments, making the vulnerability relevant for a broad user base. The lack of authentication requirement and ease of exploitation elevate the risk of unauthorized information disclosure, potentially aiding attackers in crafting targeted attacks or gaining deeper access to affected networks.
Potential Impact
For European organizations, the impact of CVE-2024-0717 can be significant, especially for small and medium enterprises (SMEs) and home office environments relying on vulnerable D-Link routers. The unauthorized disclosure of device information can lead to exposure of network topology, firmware versions, and configuration details, which attackers can leverage to identify further vulnerabilities or launch targeted attacks such as credential theft, network intrusion, or lateral movement. While the vulnerability itself does not directly allow code execution or denial of service, the information gained can be a critical enabler for more severe attacks. In sectors with stringent data protection requirements such as finance, healthcare, and critical infrastructure, even indirect compromise through network devices can lead to regulatory non-compliance and reputational damage. Additionally, the widespread use of these D-Link models in European households and small businesses increases the attack surface, potentially allowing attackers to build botnets or conduct large-scale reconnaissance campaigns. The medium severity rating suggests that while immediate catastrophic impact is unlikely, the vulnerability should be addressed promptly to prevent escalation.
Mitigation Recommendations
1. Firmware Update: Organizations and users should verify if D-Link has released firmware updates addressing CVE-2024-0717 and apply them immediately. If no official patch is available, monitor vendor communications closely. 2. Network Segmentation: Isolate vulnerable routers from critical internal networks to limit the impact of potential information disclosure. 3. Access Controls: Restrict remote management access to trusted IP addresses only, preferably disabling WAN-side HTTP access to router management interfaces. 4. Use of VPNs: For remote management, enforce VPN usage to add an authentication layer and encrypt management traffic. 5. Monitoring and Logging: Implement network monitoring to detect unusual HTTP GET requests targeting /devinfo or suspicious patterns indicative of exploitation attempts. 6. Device Replacement: For environments where patching is not feasible or devices are end-of-life, consider replacing vulnerable routers with models that have active security support. 7. Security Awareness: Educate users and administrators about the risks of exposing router management interfaces and encourage best practices in router configuration. These steps go beyond generic advice by focusing on practical network architecture changes and proactive monitoring tailored to this specific vulnerability.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- VulDB
- Date Reserved
- 2024-01-19T07:21:32.386Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 6839c41d182aa0cae2b435af
Added to database: 5/30/2025, 2:43:41 PM
Last enriched: 7/8/2025, 4:42:10 PM
Last updated: 8/15/2025, 2:12:33 AM
Views: 20
Related Threats
CVE-2025-3495: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Delta Electronics COMMGR
CriticalCVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server
HighCVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.