CVE-2023-32137

CWE-22Path Traversal3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.2%
top 63.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Dlink Dap-1360 FirmwareDlink Dap-2020 FirmwareD-link Dap-1360
Timeline
PublishedMay 3

Description

D-Link DAP-1360 webproc WEB_DisplayPage Directory Traversal Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file oper

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

NVDdlink/dap-1360_firmware< 6.15eub01
CVEListV5d-link/dap-13606.14B01 EU HOTFIX
NVDdlink/dap-2020_firmware< 1.03rc004

Patches

Patch: supportannouncement.us.dlink.comPatch: supportannouncement.us.dlink.com

🔴Vulnerability Details

2
GHSA
GHSA-rc8x-5fp8-vfmj: D-Link DAP-1360 webproc WEB_DisplayPage Directory Traversal Information Disclosure Vulnerability2024-05-03
CVEList
D-Link DAP-1360 webproc WEB_DisplayPage Directory Traversal Information Disclosure Vulnerability2024-05-03
CVE-2023-32137 (MEDIUM CVSS 6.5) | D-Link DAP-1360 webproc WEB_Display | cvebase.io