{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-41186","assignerOrgId":"99f1926a-a320-47d8-bbb5-42feb611262e","state":"PUBLISHED","assignerShortName":"zdi","dateReserved":"2023-08-24T19:16:24.557Z","datePublished":"2024-05-03T02:11:46.996Z","dateUpdated":"2024-08-02T18:54:04.177Z"},"containers":{"cna":{"providerMetadata":{"orgId":"99f1926a-a320-47d8-bbb5-42feb611262e","shortName":"zdi","dateUpdated":"2024-05-03T02:11:46.996Z"},"title":"D-Link DAP-1325 CGI Missing Authentication Information Disclosure Vulnerability","descriptions":[{"lang":"en","value":"D-Link DAP-1325 CGI Missing Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to access various functionality on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the implementation of the CGI interface. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. \nWas ZDI-CAN-18804."}],"affected":[{"vendor":"D-Link","product":"DAP-1325","versions":[{"version":"1.07b01","status":"affected"}],"defaultStatus":"unknown"}],"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-306","description":"CWE-306: Missing Authentication for Critical Function","type":"CWE"}]}],"references":[{"url":"https://www.zerodayinitiative.com/advisories/ZDI-23-1323/","name":"ZDI-23-1323","tags":["x_research-advisory"]},{"url":"https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10351","name":"vendor-provided URL","tags":["vendor-advisory"]}],"dateAssigned":"2023-08-24T19:26:26.685Z","datePublic":"2023-09-07T13:38:50.827Z","source":{"lang":"en","value":"Dmitry \"InfoSecDJ\" Janushkevich of Trend Micro Zero Day Initiative"},"metrics":[{"format":"CVSS","cvssV3_0":{"version":"3.0","vectorString":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM"}}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-06-05T17:25:32.169900Z","id":"CVE-2023-41186","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-05T17:25:42.875Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T18:54:04.177Z"},"title":"CVE Program Container","references":[{"url":"https://www.zerodayinitiative.com/advisories/ZDI-23-1323/","name":"ZDI-23-1323","tags":["x_research-advisory","x_transferred"]},{"url":"https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10351","name":"vendor-provided URL","tags":["vendor-advisory","x_transferred"]}]}]}}