Vulnerabilities > CVE-2023-32137 - Unspecified vulnerability in Dlink Dap-1360 Firmware and Dap-2020 Firmware

CVSS 6.5 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

low complexity

dlink

NVD

Published: 2024-05-03

Updated: 2025-05-16

Summary

D-Link DAP-1360 webproc WEB_DisplayPage Directory Traversal Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of root. . Was ZDI-CAN-18415.

Vulnerable Configurations

Part	Description	Count
OS	Dlink Dlink DAP 1360 Firmware - Dlink DAP 1360 Firmware 2.5.4 Dlink DAP 2020 Firmware 1.01	4
Hardware	Dlink Dlink DAP 1360 F1 Dlink DAP 2020 A2	2

Summary

Vulnerable Configurations

References