CVE-2023-34282

CWE-3033 documents3 sources
Severity
8.8HIGH
EPSS
0.7%
top 27.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Dlink Dir-2150 FirmwareD-link Dir-2150
Timeline
PublishedMay 3

Description

D-Link DIR-2150 HNAP Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. A crafted authentication header can cause authentication to succeed without providing proper cred

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5d-link/dir-21501.05B01

🔴Vulnerability Details

2
CVEList
D-Link DIR-2150 HNAP Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability2024-05-03
GHSA
GHSA-whx2-qjxv-4vr9: D-Link DIR-2150 HNAP Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability2024-05-03
CVE-2023-34282 (HIGH CVSS 8.8) | D-Link DIR-2150 HNAP Incorrect Impl | cvebase.io