{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-24T02:31:01.913","vulnerabilities":[{"cve":{"id":"CVE-2023-32148","sourceIdentifier":"zdi-disclosures@trendmicro.com","published":"2024-05-03T02:15:18.940","lastModified":"2025-08-06T14:18:05.350","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"D-Link DIR-2640 HNAP PrivateLogin Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2640 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the web management interface, which listens on TCP port 80 by default. A crafted XML element in the login request can cause authentication to succeed without providing proper credentials. An attacker can leverage this vulnerability to bypass authentication on the system.\n. Was ZDI-CAN-19545."},{"lang":"es","value":"Vulnerabilidad de omisión de autenticación de inicio de sesión privado de D-Link DIR-2640 HNAP. Esta vulnerabilidad permite a atacantes adyacentes a la red eludir la autenticación en las instalaciones afectadas de los enrutadores D-Link DIR-2640. No se requiere autenticación para aprovechar esta vulnerabilidad. La falla específica existe dentro de la interfaz de administración web, que escucha en el puerto TCP 80 de forma predeterminada. Un elemento XML manipulado en la solicitud de inicio de sesión puede provocar que la autenticación se realice correctamente sin proporcionar las credenciales adecuadas. Un atacante puede aprovechar esta vulnerabilidad para eludir la autenticación en el sistema. Era ZDI-CAN-19545."}],"metrics":{"cvssMetricV30":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","description":[{"lang":"en","value":"CWE-303"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dlink:dir-2640_firmware:1.11b02:*:*:*:*:*:*:*","matchCriteriaId":"AC690F1B-7B27-42A1-853A-EF04959FCF07"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:dlink:dir-2640:-:*:*:*:*:*:*:*","matchCriteriaId":"D68A4D09-6C9A-4F3B-863D-DF612DB8DB89"}]}]}],"references":[{"url":"https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10323","source":"zdi-disclosures@trendmicro.com","tags":["Product","Vendor Advisory"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-23-540/","source":"zdi-disclosures@trendmicro.com","tags":["Third Party Advisory"]},{"url":"https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10323","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product","Vendor Advisory"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-23-540/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}