Incorrect Implementation of Authentication Algorithm

CVE-2023-32152

Medium

6.5/10

Summary

D-Link DIR-2640 HNAP LoginPassword Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2640 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management interface, which listens on TCP port 80 by default. A specially crafted login request can cause authentication to succeed without providing proper credentials. An attacker can leverage this vulnerability to bypass authentication on the system. . Was ZDI-CAN-19549.

Attack Complexity: LOW
Attack Vector: ADJACENT_NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-303 - Incorrect Implementation of Authentication Algorithm

The requirements for the software dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.

References

Advisory Timeline

Published May 03, 2024

Incorrect Implementation of Authentication Algorithm

CVE-2023-32152

Summary

CWE-303 - Incorrect Implementation of Authentication Algorithm

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS