D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log in to administrator accounts with empty passwords.
References
Link | Resource |
---|---|
https://github.com/funny-mud-peee/IoT-vuls/tree/main/dir822%2B/2 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
18 Jan 2024, 15:34
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-306 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
First Time |
Dlink
Dlink dir-822 Firmware Dlink dir-822 |
|
References | () https://github.com/funny-mud-peee/IoT-vuls/tree/main/dir822%2B/2 - Exploit, Third Party Advisory | |
CPE | cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dir-822_firmware:1.0.2:*:*:*:*:*:*:* |
11 Jan 2024, 16:34
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-11 16:15
Updated : 2024-02-28 20:54
NVD link : CVE-2023-51987
Mitre link : CVE-2023-51987
CVE.ORG link : CVE-2023-51987
JSON object : View
Products Affected
dlink
- dir-822
- dir-822_firmware
CWE
CWE-306
Missing Authentication for Critical Function