How severe is CVE-2023-32152?

CVE-2023-32152 has a CVSS v3 score of 6.5 (MEDIUM).

CVE-2023-32152

Name: dir-2640
Author: dlink

6.5MEDIUM

D-Link DIR-2640 HNAP LoginPassword Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2640 route

Publicado: 5/3/2024Actualizado: 8/6/2025

Descripción

D-Link DIR-2640 HNAP LoginPassword Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2640 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management interface, which listens on TCP port 80 by default. A specially crafted login request can cause authentication to succeed without providing proper credentials. An attacker can leverage this vulnerability to bypass authentication on the system. . Was ZDI-CAN-19549.

Análisis IAImpulsado por IA

Productos Afectados

dlinkdir-2640_firmware

1.11b02

dlinkdir-2640

Referencias

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10323
ProductVendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-23-544/
Third Party Advisory
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10323
ProductVendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-23-544/
Third Party Advisory