CVE-2023-32148

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-32148
D-Link DIR-2640 HNAP PrivateLogin Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2640 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management interface, which listens on TCP port 80 by default. A crafted XML element in the login request can cause authentication to succeed without providing proper credentials. An attacker can leverage this vulnerability to bypass authentication on the system. . Was ZDI-CAN-19545.
CVSS

No CVSS.

References
Link Resource
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10323 Product Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-23-540/ Third Party Advisory
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10323 Product Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-23-540/ Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dlink:dir-2640_firmware:1.11b02:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-2640:-:*:*:*:*:*:*:*
History

06 Aug 2025, 14:18

Type Values Removed Values Added
References () https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10323 - () https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10323 - Product, Vendor Advisory
References () https://www.zerodayinitiative.com/advisories/ZDI-23-540/ - () https://www.zerodayinitiative.com/advisories/ZDI-23-540/ - Third Party Advisory
First Time Dlink
Dlink dir-2640
Dlink dir-2640 Firmware
CPE cpe:2.3:h:dlink:dir-2640:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-2640_firmware:1.11b02:*:*:*:*:*:*:*

18 Sep 2024, 19:15

Type Values Removed Values Added
Summary D-Link DIR-2640 HNAP PrivateLogin Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2640 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management interface, which listens on TCP port 80 by default. A crafted XML element in the login request can cause authentication to succeed without providing proper credentials. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19545. D-Link DIR-2640 HNAP PrivateLogin Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2640 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management interface, which listens on TCP port 80 by default. A crafted XML element in the login request can cause authentication to succeed without providing proper credentials. An attacker can leverage this vulnerability to bypass authentication on the system. . Was ZDI-CAN-19545.

03 May 2024, 02:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-03 02:15

Updated : 2025-08-06 14:18

NVD link : CVE-2023-32148

Mitre link : CVE-2023-32148

JSON object : View

Products Affected

dlink

  • dir-2640
  • dir-2640_firmware
CWE

No CWE.