D-Link Faces Auth Bypass Vulnerability in Smart Home Devices
CVE-2024-38437

9.8CRITICAL

Key Information:

Vendor: D-link
Status: Dsl-225
Vendor: CVE Published:; 21 July 2024

What is CVE-2024-38437?

D-Link products are at risk due to an authentication bypass vulnerability that allows unauthorized users to gain access through alternative paths or channels. This vulnerability poses a significant threat as it can enable attackers to manipulate network operations and gain control over systems without proper authorization. Users of affected D-Link networking devices are advised to update their firmware to the latest versions to mitigate the risks associated with this security issue.

Affected Version(s)

DSL-225 version BZ_1.00.16

References

https://www.gov.il/en/Departments/faq/cve_advisories

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 21, 2024
Vulnerability Reserved
Jun 16, 2024

Credit

Hai Vaknin, Yehuda Smirnov

D-link

What is CVE-2024-38437?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit