Information Disclosure Vulnerability in D-LINK DIR-882 Router
CVE-2023-26925

7.5HIGH

Key Information:

Vendor: D-Link
Status: Dir-882 Firmware
Vendor: CVE Published:; 31 March 2023

What is CVE-2023-26925?

An information disclosure vulnerability is present in the Syslog functionality of the D-LINK DIR-882 router version 1.30. Attackers can exploit this vulnerability by sending specially crafted network requests, which may lead to the unintended exposure of sensitive information. It is crucial for users of affected products to update their devices and review security best practices to mitigate potential risks. For further details and security bulletins, visit D-Link's official security page.

References

https://www.dlink.com/en/security-bulletin/

https://github.com/laotun-s/POC/blob/main/CVE-2023-26925.txt

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 31, 2023
Vulnerability Reserved
Feb 27, 2023