Common Weakness Enumeration

CWE-266

Allowed

Incorrect Privilege Assignment

Abstraction: Base · Status: Draft

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

1913 vulnerabilities reference this CWE, most recent first.

GHSA-PXR8-26WQ-VFVP

Vulnerability from github – Published: 2026-02-19 18:31 – Updated: 2026-02-19 18:31
VLAI
Details

Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service of a Dell Enterprise Support connection.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-22268"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-19T10:16:11Z",
    "severity": "MODERATE"
  },
  "details": "Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service of a Dell Enterprise Support connection.",
  "id": "GHSA-pxr8-26wq-vfvp",
  "modified": "2026-02-19T18:31:54Z",
  "published": "2026-02-19T18:31:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22268"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000429778/dsa-2026-046-security-update-for-dell-powerprotect-data-manager-multiple-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q2CR-96J4-C73W

Vulnerability from github – Published: 2025-11-24 03:31 – Updated: 2025-11-24 03:31
VLAI
Details

A vulnerability was detected in code-projects Blog Site 1.0. The affected element is an unknown function of the file /admin.php. Performing manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit is now public and may be used. Multiple endpoints are affected.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-13576"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-24T01:15:46Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was detected in code-projects Blog Site 1.0. The affected element is an unknown function of the file /admin.php. Performing manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit is now public and may be used. Multiple endpoints are affected.",
  "id": "GHSA-q2cr-96j4-c73w",
  "modified": "2025-11-24T03:31:19Z",
  "published": "2025-11-24T03:31:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13576"
    },
    {
      "type": "WEB",
      "url": "https://code-projects.org"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Yohane-Mashiro/cve/blob/main/Unauthorized.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.333340"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.333340"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.698772"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-Q2FX-PXMP-7F63

Vulnerability from github – Published: 2025-10-15 09:30 – Updated: 2026-04-08 18:33
VLAI
Details

The Binary MLM Plan plugin for WordPress is vulnerable to limited Privilege Escalation in all versions up to, and including, 3.0. This is due to bmp_user role granting all users with the manage_bmp capability by default upon registration through the plugin's form. This makes it possible for unauthenticated attackers to register and manage the plugin's settings.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-10038"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-15T09:15:36Z",
    "severity": "MODERATE"
  },
  "details": "The Binary MLM Plan plugin for WordPress is vulnerable to limited Privilege Escalation in all versions up to, and including, 3.0. This is due to bmp_user role granting all users with the manage_bmp capability by default upon registration through the plugin\u0027s form. This makes it possible for unauthenticated attackers to register and manage the plugin\u0027s settings.",
  "id": "GHSA-q2fx-pxmp-7f63",
  "modified": "2026-04-08T18:33:56Z",
  "published": "2025-10-15T09:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10038"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset/3380455/binary-mlm-plan/tags/5.0/includes/admin/class-bmp-admin-menus.php?old=3259986\u0026old_path=binary-mlm-plan%2Ftags%2F3.0%2Fincludes%2Fadmin%2Fclass-bmp-admin-menus.php"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset/3380455/binary-mlm-plan/tags/5.0/includes/bmp-hook-functions.php?old=3259986\u0026old_path=binary-mlm-plan%2Ftags%2F3.0%2Fincludes%2Fbmp-hook-functions.php"
    },
    {
      "type": "WEB",
      "url": "https://wordpress.org/plugins/binary-mlm-plan"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7951c8e4-b610-4cc4-ab27-4cfa78d72302?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q2V9-JFQM-JFW4

Vulnerability from github – Published: 2026-04-20 06:31 – Updated: 2026-04-20 06:31
VLAI
Details

A flaw has been found in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function form_valid of the file oauth/views.py. This manipulation of the argument oauthid causes improper authorization. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-6609"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-20T06:16:22Z",
    "severity": "MODERATE"
  },
  "details": "A flaw has been found in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function form_valid of the file oauth/views.py. This manipulation of the argument oauthid causes improper authorization. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-q2v9-jfqm-jfw4",
  "modified": "2026-04-20T06:31:28Z",
  "published": "2026-04-20T06:31:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6609"
    },
    {
      "type": "WEB",
      "url": "https://github.com/3em0/cve_repo/blob/main/DjangoBlog/Vuln-6-OAuth-Email-Binding-IDOR.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/submit/790288"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/358244"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/358244/cti"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-Q37F-R342-4GQ8

Vulnerability from github – Published: 2024-02-16 21:31 – Updated: 2024-02-16 21:31
VLAI
Details

An issue was discovered in BeyondTrust Privilege Management for Windows before 24.1. When an low-privileged user initiates a repair, there is an attack vector through which the user is able to execute any program with elevated privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-25083"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-16T21:15:08Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in BeyondTrust Privilege Management for Windows before 24.1. When an low-privileged user initiates a repair, there is an attack vector through which the user is able to execute any program with elevated privileges.",
  "id": "GHSA-q37f-r342-4gq8",
  "modified": "2024-02-16T21:31:31Z",
  "published": "2024-02-16T21:31:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25083"
    },
    {
      "type": "WEB",
      "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q49G-PJ39-5QJ6

Vulnerability from github – Published: 2025-09-08 00:30 – Updated: 2025-09-08 00:30
VLAI
Details

A vulnerability has been found in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /cancelar-enturmacao-em-lote/. Such manipulation leads to improper access controls. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-10071"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-07T23:15:31Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been found in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /cancelar-enturmacao-em-lote/. Such manipulation leads to improper access controls. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.",
  "id": "GHSA-q49g-pj39-5qj6",
  "modified": "2025-09-08T00:30:19Z",
  "published": "2025-09-08T00:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10071"
    },
    {
      "type": "WEB",
      "url": "https://github.com/marcelomulder/CVE/blob/main/i-educar/Broken%20Access%20Control%20Vulnerability%20%20in%20%60.cancelar-enturmacao-em-lote.(ID)%60%20Endpoint.md"
    },
    {
      "type": "WEB",
      "url": "https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-10071.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.323019"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.323019"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.644134"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-Q4CR-CR7Q-HP2F

Vulnerability from github – Published: 2026-07-13 00:31 – Updated: 2026-07-13 00:31
VLAI
Details

A vulnerability has been found in Leantime up to 3.8.0. This impacts the function editUser/addUser of the component JSON-RPC Endpoint. The manipulation of the argument role leads to improper authorization. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-15509"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-12T23:16:37Z",
    "severity": "LOW"
  },
  "details": "A vulnerability has been found in Leantime up to 3.8.0. This impacts the function editUser/addUser of the component JSON-RPC Endpoint. The manipulation of the argument role leads to improper authorization. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-q4cr-cr7q-hp2f",
  "modified": "2026-07-13T00:31:41Z",
  "published": "2026-07-13T00:31:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-15509"
    },
    {
      "type": "WEB",
      "url": "https://bytium.com/insights/leantime-priv-escalation-vulnerability-low-priv-to-owner"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/cve/CVE-2026-15509"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/submit/846167"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/377838"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/377838/cti"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-Q5MF-944J-VGQ2

Vulnerability from github – Published: 2026-07-12 03:31 – Updated: 2026-07-13 21:31
VLAI
Details

A vulnerability was found in Eleveo Call Recording Software 9.7.0. This affects an unknown part of the file /callrec/pci_dss_status.jsp. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-15471"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-12T02:16:14Z",
    "severity": "LOW"
  },
  "details": "A vulnerability was found in Eleveo Call Recording Software 9.7.0. This affects an unknown part of the file /callrec/pci_dss_status.jsp. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-q5mf-944j-vgq2",
  "modified": "2026-07-13T21:31:20Z",
  "published": "2026-07-12T03:31:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-15471"
    },
    {
      "type": "WEB",
      "url": "https://drive.google.com/file/d/1mXPN23OQiKw9ui9ZUswn0-fOThfZt6xb/view?usp=sharing"
    },
    {
      "type": "WEB",
      "url": "https://github.com/omarelshopky/cves/tree/main/eleveo/call-recording-software/CVE-2026-15471"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/cve/CVE-2026-15471"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/submit/797464"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/377776"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/377776/cti"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-Q623-F4J4-P4XJ

Vulnerability from github – Published: 2026-05-28 21:32 – Updated: 2026-07-02 17:44
VLAI
Summary
OpenStack Keystone has an Incorrect Authorization issue
Details

An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The impersonated token carries the victim's identity, which passes the trustor validation check. Keystone then validates the delegated roles against the victim's actual role assignments in the database, not the roles on the requesting token. This allows the attacker to create a trust delegating the victim's admin role to themselves. The trust persists independently, and additional trusts and application credentials can be created to maintain access. All actions are logged under the victim's identity.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "keystone"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "14.0.0"
            },
            {
              "fixed": "27.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "keystone"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "28.0.0"
            },
            {
              "fixed": "28.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "keystone"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "29.0.0"
            },
            {
              "fixed": "29.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-43000"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266",
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-07-02T17:44:16Z",
    "nvd_published_at": "2026-05-28T19:16:37Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The impersonated token carries the victim\u0027s identity, which passes the trustor validation check. Keystone then validates the delegated roles against the victim\u0027s actual role assignments in the database, not the roles on the requesting token. This allows the attacker to create a trust delegating the victim\u0027s admin role to themselves. The trust persists independently, and additional trusts and application credentials can be created to maintain access. All actions are logged under the victim\u0027s identity.",
  "id": "GHSA-q623-f4j4-p4xj",
  "modified": "2026-07-02T17:44:16Z",
  "published": "2026-05-28T21:32:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43000"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-43000"
    },
    {
      "type": "WEB",
      "url": "https://bugs.launchpad.net/keystone/+bug/2148477"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482826"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openstack/keystone"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2026-601.yaml"
    },
    {
      "type": "WEB",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-43000.json"
    },
    {
      "type": "WEB",
      "url": "https://security.openstack.org/ossa/OSSA-2026-015.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "OpenStack Keystone has an Incorrect Authorization issue"
}

GHSA-Q7JR-4JMJ-7C77

Vulnerability from github – Published: 2024-12-30 03:30 – Updated: 2024-12-30 03:30
VLAI
Details

A vulnerability was found in D-Link DIR-823G 1.0.2B05_20181207. It has been rated as critical. This issue affects the function SetAutoRebootSettings/SetClientInfo/SetDMZSettings/SetFirewallSettings/SetParentsControlInfo/SetQoSSettings/SetVirtualServerSettings of the file /HNAP1/ of the component Web Management Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-13030"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-30T01:15:06Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in D-Link DIR-823G 1.0.2B05_20181207. It has been rated as critical. This issue affects the function SetAutoRebootSettings/SetClientInfo/SetDMZSettings/SetFirewallSettings/SetParentsControlInfo/SetQoSSettings/SetVirtualServerSettings of the file /HNAP1/ of the component Web Management Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.",
  "id": "GHSA-q7jr-4jmj-7c77",
  "modified": "2024-12-30T03:30:30Z",
  "published": "2024-12-30T03:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13030"
    },
    {
      "type": "WEB",
      "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-823G/SetAutoRebootSettings.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.289763"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.289763"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.467903"
    },
    {
      "type": "WEB",
      "url": "https://www.dlink.com"
    },
    {
      "type": "WEB",
      "url": "https://www.dlink.com.cn/about/article/news?id=2247"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation MIT-1
Architecture and Design Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Mitigation MIT-17
Architecture and Design Operation

Strategy: Environment Hardening

Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.

No CAPEC attack patterns related to this CWE.