PT-2023-9106 · D Link · D-Link Dap-2622
Dmitry Janushkevich
+1
·
Published
2023-01-20
·
Updated
2024-09-18
·
CVE-2023-37325
CVSS v3.1
5.4
Medium
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
D-Link DAP-2622 (affected versions not specified)
Description
The issue is related to the lack of authentication for a critical function in the DDP service of the D-Link DAP-2622 wireless access point's firmware. This allows a remote attacker to make unauthorized changes to the device configuration. The specific flaw exists within the DDP service, where the lack of authentication prior to allowing access to functionality enables an attacker to manipulate wireless authentication settings.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
D-Link Dap-2622