7.4

CVE-2023-35750

EPSS 0.27%
Veröffentlicht 03.05.2024 02:15:39
Zuletzt bearbeitet 13.05.2025 13:54:17
Quelle zdi-disclosures@trendmicro.com
CVE-Watchlists
Login
Unerledigt
Login

D-Link DAP-2622 DDP Get SSID List WPA PSK Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the DDP service. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise.
. Was ZDI-CAN-20078.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dlink ≫ Dap-2622 Firmware Version < 1.10b03r022

Dlink ≫ Dap-2622 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.27%	0.499

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
zdi-disclosures@trendmicro.com	7.4	2.8	4	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10349

Patch

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-23-1255/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-35750

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-35750

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-35750

EUVD