CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-53896

D-Link DAP-1325 firmware version 1.01 contains a broken access control vulnerability that allows unauthenticated attackers to download device configuration settings without authentication. Attackers can exploit the /cgi-bin/ExportSettings.sh endpoint to retrieve sensitive configuration information by directly accessing the export settings script.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 61.7%

CVSS Severity

CVSS v3 Score 7.5

References

https://www.dlink.com/hr/hr/products/dap-1325-n300-wifi-range-extender
https://www.exploit-db.com/exploits/51556
https://www.vulncheck.com/advisories/d-link-dap-hardware-a-unauthenticated-configuration-download

Products affected by CVE-2023-53896

Dlink » Dap-1325 » Version: N/A

cpe:2.3:h:dlink:dap-1325:-
Dlink » Dap-1325 Firmware » Version: 1.01

cpe:2.3:o:dlink:dap-1325_firmware:1.01

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-53896

Products

Pricing

Contact Us