PT-2022-6578 · D-Link · D-Link DIR-2640

Published: 2022-12-22 · Updated: 2025-08-06 · CVE-2023-32152

CVSS v3.1: 6.5 (Medium)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: D-Link DIR-2640 (affected versions not specified)

Description: This issue allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2640 routers. The flaw exists within the web management interface, which listens on TCP port 80 by default. A specially crafted login request can cause authentication to succeed without valid credentials. The issue is related to the LoginPassword parameter in the web management interface.

Recommendations: As a temporary workaround, consider restricting access to the web management interface until a patch is available. Avoid using the LoginPassword parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Improper Authentication

Related Identifiers

BDU:2023-02606
CVE-2023-32152
ZDI-23-544

Affected Products

D-Link DIR-2640