CVE Vulnerabilities

CVE-2023-34282

Incorrect Implementation of Authentication Algorithm

Published: May 03, 2024 | Modified: Mar 13, 2025
CVSS 3.x
8.8
HIGH
Source:
NVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

D-Link DIR-2150 HNAP Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. A crafted authentication header can cause authentication to succeed without providing proper credentials. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-20910.

Weakness

The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.

Affected Software

Name Vendor Start Version End Version
Dir-2150_firmware Dlink * 1.06 (excluding)

References