Lucene search

[email protected]NVD:CVE-2023-41186

HistoryMay 03, 2024 - 3:15 a.m.

CVE-2023-41186

2024-05-0303:15:28

CWE-306

[email protected]

web.nvd.nist.gov

vulnerability

information disclosure

d-link dap-1325

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.0005 Low

EPSS

Percentile

16.2%

JSON

D-Link DAP-1325 CGI Missing Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to access various functionality on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the implementation of the CGI interface. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-18804.

References

supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10351

www.zerodayinitiative.com/advisories/ZDI-23-1323/

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.0005 Low

EPSS

Percentile

16.2%

JSON

Related for NVD:CVE-2023-41186

vulnrichment1 cvelist1 zdi1 cve1