Lucene search
AnonymousZDI-23-540HistoryMay 04, 2023 - 12:00 a.m.
D-Link DIR-2640 HNAP PrivateLogin Authentication Bypass Vulnerability
2023-05-0400:00:00
Anonymous
www.zerodayinitiative.com
9
d-link dir-2640
hnap
privatelogin
authentication bypass
network-adjacent attackers
web management interface
tcp port 80
crafted xml element
login request
proper credentials
system
0.0005 Low
EPSS
Percentile
16.4%
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2640 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management interface, which listens on TCP port 80 by default. A crafted XML element in the login request can cause authentication to succeed without providing proper credentials. An attacker can leverage this vulnerability to bypass authentication on the system.
Related
nvd
nvd
CVE-2023-32148
2024-05-03 02:15:18
cve
cve
CVE-2023-32148
2024-05-03 02:15:18
cvelist
cvelist
vulnrichment
vulnrichment