7.4

CVE-2023-35750

EPSS 0.29%
Published 03.05.2024 02:15:39
Last modified 13.05.2025 13:54:17
Source zdi-disclosures@trendmicro.com
Teams watchlist Login
Open Login

D-Link DAP-2622 DDP Get SSID List WPA PSK Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the DDP service. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise.
. Was ZDI-CAN-20078.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Dlink ≫ Dap-2622 Firmware Version < 1.10b03r022

Dlink ≫ Dap-2622 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.29%	0.515

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
zdi-disclosures@trendmicro.com	7.4	2.8	4	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10349

Patch

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-23-1255/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-35750

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-35750

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-35750

EUVD