D-Link DSL-224 firmware version 3.0.10 CWE-307: Improper Restriction of Excessive Authentication Attempts
CVE-2023-32224

9.8CRITICAL

Key Information:

Vendor: D-link
Status: Dsl-224 Firmware Version 3.0.10
Vendor: CVE Published:; 28 June 2023

Summary

The D-Link DSL-224 firmware version 3.0.10 exposes a significant vulnerability through improper restrictions on excessive authentication attempts. This flaw may allow unauthorized users to perform brute-force attacks, thereby compromising the security of the affected device. Users of D-Link DSL-224 are urged to update their firmware to enhance security and protect their networks from potential unauthorized access.

Affected Version(s)

DSL-224 firmware version 3.0.10 Update to the latest version

References

https://www.gov.il/en/Departments/faq/cve_advisories

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 28, 2023
Vulnerability Reserved
May 4, 2023

Credit

Nerya Zadkani