6.5

CVE-2023-50212

EPSS 0.77%
Published 03.05.2024 03:16:08
Last modified 10.03.2025 16:56:59
Source zdi-disclosures@trendmicro.com
Teams watchlist Login
Open Login

D-Link G416 httpd Improper Handling of Exceptional Conditions Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper handling of error conditions. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-21664.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Dlink ≫ G416 Firmware Version < 1.09b01

Dlink ≫ G416 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.77%	0.726

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
zdi-disclosures@trendmicro.com	4.3	2.8	1.4	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-755 Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10367

Vendor Advisory

Mitigation

https://www.zerodayinitiative.com/advisories/ZDI-23-1828/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-50212

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-50212

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-50212

EUVD