CVE-2023-46033

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-46033
D-Link (Non-US) DSL-2750U N300 ADSL2+ and (Non-US) DSL-2730U N150 ADSL2+ are vulnerable to Incorrect Access Control. The UART/Serial interface on the PCB, provides log output and a root terminal without proper access control.

6.8 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10357 Product
https://www.dlink.com/en/products/dsl-2730u-wireless-n150-adsl2-router Product
https://www.dlink.com/en/products/dsl-2750u-wireless-n-300-adsl2-modem-router Product
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dlink:dsl-2730u_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dsl-2730u:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:dlink:dsl-2750u_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dsl-2750u:-:*:*:*:*:*:*:*
History

12 Sep 2024, 19:35

Type Values Removed Values Added
CWE CWE-284

07 Nov 2023, 04:21

Type Values Removed Values Added
Summary ** UNSUPPORTED WHEN ASSIGNED ** D-Link (Non-US) DSL-2750U N300 ADSL2+ and (Non-US) DSL-2730U N150 ADSL2+ are vulnerable to Incorrect Access Control. The UART/Serial interface on the PCB, provides log output and a root terminal without proper access control. D-Link (Non-US) DSL-2750U N300 ADSL2+ and (Non-US) DSL-2730U N150 ADSL2+ are vulnerable to Incorrect Access Control. The UART/Serial interface on the PCB, provides log output and a root terminal without proper access control.

27 Oct 2023, 21:52

Type Values Removed Values Added
First Time Dlink dsl-2730u Firmware
Dlink
Dlink dsl-2750u
Dlink dsl-2730u
Dlink dsl-2750u Firmware
CPE cpe:2.3:o:dlink:dsl-2750u_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dsl-2730u:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dsl-2730u_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dsl-2750u:-:*:*:*:*:*:*:*
References (MISC) https://www.dlink.com/en/products/dsl-2730u-wireless-n150-adsl2-router - (MISC) https://www.dlink.com/en/products/dsl-2730u-wireless-n150-adsl2-router - Product
References (MISC) https://www.dlink.com/en/products/dsl-2750u-wireless-n-300-adsl2-modem-router - (MISC) https://www.dlink.com/en/products/dsl-2750u-wireless-n-300-adsl2-modem-router - Product
References (MISC) https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10357 - (MISC) https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10357 - Product
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.8
CWE NVD-CWE-noinfo

19 Oct 2023, 16:41

Type Values Removed Values Added
New CVE
Information

Published : 2023-10-19 16:15

Updated : 2024-09-12 19:35

NVD link : CVE-2023-46033

Mitre link : CVE-2023-46033

CVE.ORG link : CVE-2023-46033

JSON object : View

Products Affected

dlink

  • dsl-2750u_firmware
  • dsl-2730u_firmware
  • dsl-2730u
  • dsl-2750u
CWE
NVD-CWE-noinfo CWE-284

Improper Access Control


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024