PT-2022-23624 · D Link · D-Link G Integrated Access Device4

Metadata

Published: 2022-11-17 · Updated: 2025-04-29 · CVE-2022-36785

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

D-Link - G integrated Access Device4 (affected versions not specified)

Description

The issue concerns information disclosure and authorization bypass. It involves a file containing a URL with a private IP address and default username value "admin" in "login.asp". The web interface does not properly validate user identity variables, such as login glag and login status, allowing access without proper checking. This enables reading of admin user credentials. The vulnerability can be exploited by accessing the "setupWizard.asp" URL.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Incorrect Authorization

Related Identifiers

CVE-2022-36785

Affected Products

D-Link G Integrated Access Device4