Lucene search

K
zdiAnonymousZDI-23-628
HistoryMay 15, 2023 - 12:00 a.m.

D-Link DIR-2150 HNAP Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability

2023-05-1500:00:00
Anonymous
www.zerodayinitiative.com
7

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. A crafted authentication header can cause authentication to succeed without providing proper credentials. An attacker can leverage this vulnerability to bypass authentication on the system.