How severe is CVE-2023-44420?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2023-44420?

This is classified as CWE-303, which is a common weakness in software security.

CVE-2023-44420 - HIGH Severity | CVSS 8.8

Vulnerability Description

D-Link DIR-X3260 prog.cgi Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-X3260 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the prog.cgi executable. The issue results from an incorrect implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the device. Was ZDI-CAN-21100.

Related Vulnerabilities

CVE-2020-15632

HIGH

CVSS:8.8(High)

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-842 3.13B05 routers. Authentication is not required to exploit this vulnerability....

CWE-3032020

CVE-2020-8861

HIGH

CVSS:8.8(High)

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1330 1.10B01 BETA Wi-Fi range extenders. Authentication is not required to exploit...

CWE-3032020

CVE-2020-8863

HIGH

CVSS:8.8(High)

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Authentication is not req...

CWE-3032020

CVE-2023-34274

HIGH

CVSS:8.8(High)

D-Link DIR-2150 LoginPassword Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on...

CWE-3032023

CVE-2023-34282

HIGH

CVSS:8.8(High)

D-Link DIR-2150 HNAP Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected...

CWE-3032023

CVE-2016-9463

HIGH

CVSS:8.1(High)

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional and not by default enabled...

CWE-3032016