The vulnerability of the command-line interface (CLI) of D-Link DAP-2622 wireless access point’s software allows a hacker to gain increased privileges.

🗓️ 29 Aug 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 5 Views

CLI flaw in D-Link DAP-2622 enables privilege escalation via encoded credentials bypassing authentication.

Reporter	Title	Published	Views	Family All 11
ATTACKERKB	CVE-2023-35724	3 May 202402:15	–	attackerkb
CNNVD	D-Link DAP-2622 安全漏洞	3 May 202400:00	–	cnnvd
CNVD	D-Link DAP-2622 Hardcoded Credential Authentication Bypass Vulnerability	12 Jul 202400:00	–	cnvd
CVE	CVE-2023-35724	3 May 202401:57	–	cve
Cvelist	CVE-2023-35724 D-Link DAP-2622 Telnet CLI Use of Hardcoded Credentials Authentication Bypass Vulnerability	3 May 202401:57	–	cvelist
EUVD	EUVD-2023-39723	3 Oct 202520:07	–	euvd
NVD	CVE-2023-35724	3 May 202402:15	–	nvd
OSV	CVE-2023-35724	3 May 202402:15	–	osv
Positive Technologies	PT-2023-4579 · D Link · D-Link Dap-2622	24 Aug 202300:00	–	ptsecurity
Vulnrichment	CVE-2023-35724 D-Link DAP-2622 Telnet CLI Use of Hardcoded Credentials Authentication Bypass Vulnerability	3 May 202401:57	–	vulnrichment

Source	Link
supportannouncement	www.supportannouncement.us.dlink.com/announcement/publication.aspx
vuldb	www.vuldb.com/ru/
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-23-1230/
web	www.web.nvd.nist.gov/view/vuln/detail
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-23-1230/

29 Aug 2023 00:00Current

7.6High risk

Vulners AI Score7.6

CVSS 28.3

CVSS 38.8

EPSS0.00865

command line interface D-Link DAP-2622 privilege escalation encoded credentials authentication bypass