CVE-2023-53896

High CVSS: 8.7

D-Link DAP-1325 firmware version 1.01 contains a broken access control vulnerability that allows unauthenticated attackers to download device configuration settings without authentication. Attackers can exploit the /cgi-bin/ExportSettings.sh endpoint to retrieve sensitive configuration information by directly accessing the export settings script.

Vendor

Dlink

Product

Dap-1325 Firmware

CWE

CWE-306

Yayın Tarihi

2025-12-16 18:16:06

Güncelleme

2025-12-24 17:15:32

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-306 Dap-1325 Firmware HIGH Dlink 2025

Referanslar

https://www.dlink.com/hr/hr/products/dap-1325-n300-wifi-range-extender https://www.exploit-db.com/exploits/51556 https://www.vulncheck.com/advisories/d-link-dap-hardware-a-unauthenticated-configuration-download

Benzer Kayıtlar

Medium

CVE-2026-5312

A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, D…

Medium

CVE-2026-5311

A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-32…

High

CVE-2026-5214

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-32…

Medium

CVE-2026-5215

A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, D…

High

CVE-2026-5213

A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, D…

High

CVE-2026-5212

A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, D…