CVE-2023-53896 — Missing Authentication for Critical Function in D-link Dap-1325

CWE-306 — Missing Authentication for Critical Function3 documents3 sources

Severity

8.7HIGHNVD

EPSS

0.4%

top 40.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

D-link Dap-1325 Dlink Dap-1325 Firmware

Timeline

PublishedDec 16

Description

D-Link DAP-1325 firmware version 1.01 contains a broken access control vulnerability that allows unauthenticated attackers to download device configuration settings without authentication. Attackers can exploit the /cgi-bin/ExportSettings.sh endpoint to retrieve sensitive configuration information by directly accessing the export settings script.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

▶NVDdlink/dap-1325_firmware1.01

▶CVEListV5d-link/dap-13251.01

🔴Vulnerability Details

GHSA

GHSA-326p-rwp7-v23g: D-Link DAP-1325 firmware version 1↗2025-12-16

▶

CVEList

D-Link DAP-1325 Hardware A1 Unauthenticated Configuration Download↗2025-12-16

▶