CVE-2023-32145Use of Hard-coded Password in Dlink Dap-1360 Firmware

CWE-259Use of Hard-coded PasswordCWE-798Hard-coded Credentials3 documents3 sources
Severity
8.8HIGHNVD
EPSS
0.1%
top 66.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Dlink Dap-1360 FirmwareDlink Dap-2020 FirmwareD-link Dap-1360
Timeline
PublishedMay 3

Description

D-Link DAP-1360 Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of login requests to the web-based user interface. The firmware contains hard-coded default credentials. An attacker can leverage this vulnerability to bypass authentication on the sy

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

NVDdlink/dap-1360_firmware< 6.15eub01
CVEListV5d-link/dap-13606.14B01 EU HOTFIX
NVDdlink/dap-2020_firmware< 1.03rc004

Patches

Patch: supportannouncement.us.dlink.comPatch: supportannouncement.us.dlink.com

🔴Vulnerability Details

2
GHSA
GHSA-fxvm-rjfh-3pwm: D-Link DAP-1360 Hardcoded Credentials Authentication Bypass Vulnerability2024-05-03
CVEList
D-Link DAP-1360 Hardcoded Credentials Authentication Bypass Vulnerability2024-05-03
CVE-2023-32145 — Use of Hard-coded Password in Dlink | cvebase