CVE-2023-53974
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-22

Last updated on: 2025-12-26

Assigner: VulnCheck

Description
D-Link DSL-124 ME_1.00 contains a configuration file disclosure vulnerability that allows unauthenticated attackers to retrieve router settings through a POST request. Attackers can send a specific POST request to the router's configuration endpoint to download a complete backup file containing sensitive network credentials and system configurations.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-22
Last Modified
2025-12-26
Generated
2026-06-16
AI Q&A
2025-12-23
EPSS Evaluated
2026-06-14
NVD
CVE-2023-53974
EUVD
EUVD-2023-60236
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
dlink dsl-124_firmware 1.00
dlink dsl-124 r1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2023-53974 is a vulnerability in the D-Link DSL-124 Wireless N300 ADSL2+ router firmware ME_1.00 that allows unauthenticated attackers to send a specific POST request to the router's configuration endpoint and download a complete backup configuration file. This file contains sensitive network credentials and system configuration details. The vulnerability exists because the router does not properly verify user sessions or restrict access to this backup functionality, enabling remote attackers to retrieve critical configuration data without any authentication or user interaction. [1, 2]

Impact Analysis

This vulnerability can have a significant impact by exposing sensitive network credentials such as WLAN WPA pre-shared keys and other system configurations to unauthorized attackers. With this information, attackers can potentially compromise the network, gain unauthorized access, and manipulate router settings. Since the attack requires no privileges or user interaction and can be performed remotely, it poses a high risk of unauthorized access and network compromise. [1, 2]

Detection Guidance

This vulnerability can be detected by sending a specific POST request to the router's configuration endpoint and checking if the router responds with a backup configuration file. For example, you can use the following curl command to test if the device is vulnerable: curl -X POST http://<router-ip>/form2saveConf.cgi -d "submit.htm?saveconf.htm=Back+Settings" -o config.img If the response is a file named config.img containing router configuration data, the device is vulnerable. [2]

Mitigation Strategies

Immediate mitigation steps include restricting access to the router's configuration endpoint by implementing proper authentication and access controls, updating the router firmware if a patch is available, and limiting network exposure of the device by placing it behind a firewall or restricting remote access. Additionally, changing all sensitive credentials after mitigation is recommended to prevent unauthorized access using leaked configuration data. [1, 2]

Compliance Impact

This vulnerability allows unauthenticated attackers to retrieve sensitive network credentials and system configurations from the router, potentially leading to unauthorized access and data exposure. Such exposure of sensitive information could result in non-compliance with data protection standards and regulations like GDPR and HIPAA, which require safeguarding of sensitive data and network security. Therefore, the vulnerability poses a risk to compliance by enabling unauthorized disclosure of sensitive configuration data. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53974. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart