Lucene search

[email protected]NVD:CVE-2023-26615

HistoryJun 28, 2023 - 3:15 p.m.

CVE-2023-26615

2023-06-2815:15:10

CWE-640

[email protected]

web.nvd.nist.gov

cve-2023-26615

password reset

setmultipleactions api

unauthorized access

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.002 Low

EPSS

Percentile

61.7%

JSON

D-Link DIR-823G firmware version 1.02B05 has a password reset vulnerability, which originates from the SetMultipleActions API, allowing unauthorized attackers to reset the WEB page management password.

Affected configurations

NVD

Node

dlinkdir-823g_firmwareMatch1.02b05

AND

dlinkdir-823gMatch-

References

github.com/726232111/VulIoT/tree/main/D-Link/DIR823G%20V1.0.2B05/HNAP1

github.com/726232111/VulIoT/tree/main/D-Link/DIR823G%20V1.0.2B05/HNAP1/SetMultipleActions

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.002 Low

EPSS

Percentile

61.7%

JSON

Related for NVD:CVE-2023-26615

cvelist1 cve1 prion1 openvas1