D-Link · D-Link DAP-1325 · CVE-2023-53896
**Name of the Vulnerable Software and Affected Versions**
D-Link DAP-1325 firmware version 1.01
**Description**
The device has an access-control flaw that lets unauthenticated attackers obtain device configuration settings. By requesting the export settings script at `/cgi-bin/ExportSettings.sh` directly, an attacker can retrieve sensitive configuration information. The vulnerable parameter is not specified.
**Recommendations**
Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the `/cgi-bin/ExportSettings.sh` endpoint.
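To check whether the endpoint has been requested from hosts that should not reach it, the following added example (not part of the original advisory or any D-Link tooling) scans access logs for requests to the export script. It assumes Common Log Format lines from a proxy or gateway placed in front of the device and a constructed management-host allowlist.

```python
import ipaddress
import re
from urllib.parse import unquote

EXPORT_PATH = "/cgi-bin/exportsettings.sh"  # endpoint from the advisory, lower-cased
ADMIN_NETS = [ipaddress.ip_network("192.168.0.10/32")]  # assumption: management host

# Assumption: Common Log Format written by a proxy or gateway in front of the device.
CLF = re.compile(r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                 r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)')

def normalize(target):
    """Reduce a request target to a decoded, lower-cased path for comparison."""
    path = re.sub(r"^[a-z]+://[^/]+", "", target.split("?", 1)[0], flags=re.I)
    return re.sub(r"/+", "/", unquote(path)).lower()

def is_admin(src, nets):
    """True only when src parses as an IP address inside an allowed network."""
    try:
        return any(ipaddress.ip_address(src) in net for net in nets)
    except ValueError:
        return False  # hostnames or malformed sources are never trusted

def find_export_requests(lines, nets=ADMIN_NETS):
    """Return requests for the export script from sources outside nets."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m or normalize(m["target"]) != EXPORT_PATH or is_admin(m["src"], nets):
            continue
        # A 200 with a non-empty body means the configuration was returned.
        served = m["status"] == "200" and m["size"] not in ("-", "0")
        hits.append({"src": m["src"], "time": m["ts"],
                     "status": int(m["status"]), "served": served})
    return hits

# Constructed sample log lines (not captured from a real device).
SAMPLE = [
    '192.168.0.10 - - [01/Jan/2024:10:00:00 +0000] "GET /cgi-bin/ExportSettings.sh HTTP/1.1" 200 4096',
    '192.168.0.57 - - [01/Jan/2024:10:05:12 +0000] "GET /cgi-bin/ExportSettings.sh HTTP/1.1" 200 4096',
    '192.168.0.57 - - [01/Jan/2024:10:05:20 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.168.0.88 - - [01/Jan/2024:10:07:02 +0000] "GET //cgi-bin/%45xportSettings.sh?x=1 HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    for hit in find_export_requests(SAMPLE):
        print(hit)
```

A hit with `served` set to true indicates the configuration left the device; any credentials or keys stored in it should then be treated as exposed and rotated.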