Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-41187


D-Link DAP-1325 HNAP Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the HNAP interface. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18807.


Published

2024-05-03T03:15:28.590

Last Modified

2025-03-12T16:58:09.920

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-306
  • Type: Primary
    CWE-306

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System dlink dap-1325_firmware < 1.09b03 Yes
Hardware dlink dap-1325 a1 No

References