D-Link - CWE-294: Authentication Bypass by Capture-replay
The authentication mechanism in the device is vulnerable to a capture-replay attack (CWE-294), which involves intercepting valid authentication credentials transmitted over the network and then replaying them to gain access. The device does not implement appropriate protection mechanisms against reuse of intercepted sessions or authentication tokens. A remote attacker, without any privileges and without user interaction, can effectively impersonate an authenticated user.
An attacker can gain unauthorized access to the device's administrative panel, leading to complete control over the DSL router — including changes to network configuration, interception of network traffic, and potential compromise of system confidentiality, integrity, and availability.
Security patches available from the manufacturer should be applied in accordance with the references. It is also recommended to restrict access to the device management interface exclusively to trusted IP addresses and to avoid exposing the administrative panel directly to the public Internet.
D-Link DSL-225 and D-Link DSL-225 Firmware — specific versions indicated in the manufacturer's references
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDlink Dsl 225
HWDlinkwszystkie wersjeDlink Dsl 225 Firmware
OSDlinkgem_1.00.02
Related vulnerabilities
Pominięcie uwierzytelniania w D-Link DSL-225 (Auth Bypass)
D-Link DNS-320L/325/327L/340L — zakodowane na stałe poświadczenia (hard-coded credentials)
OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to roo...
D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli para...
D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via...