D-Link Routers Vulnerable to Authentication Bypass Attack via Capture-replay
CVE-2024-38438

9.8CRITICAL

Key Information:

Vendor: D-link
Status: Dsl-225
Vendor: CVE Published:; 21 July 2024

What is CVE-2024-38438?

The vulnerability in D-Link network devices arises from an authentication bypass flaw that can be exploited through capture-replay attacks. This issue allows unauthorized access to sensitive data, thereby compromising the integrity and confidentiality of the affected systems. Affected products, including routers, IP cameras, and switches, require immediate attention to mitigate potential security breaches and protect user information.

Affected Version(s)

DSL-225 version GEM_1.00.02.

References

https://www.gov.il/en/Departments/faq/cve_advisories

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 21, 2024
Vulnerability Reserved
Jun 16, 2024

Credit

Hai Vaknin, Yehuda Smirnov

D-link

What is CVE-2024-38438?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit