Dap 1650 Firmware
CVE-2024-40505
CRITICAL
Severity by source
AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Primary rating from Vendor (mitre) · only source for this CVE.
CVSS VectorVendor: mitre
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Directory Traversal vulnerability in D-Link DAP-1650 Firmware v.1.03 allows a local attacker to escalate privileges via the hedwig.cgi component.
AnalysisAI
Directory Traversal vulnerability in D-Link DAP-1650 Firmware v.1.03 allows a local attacker to escalate privileges via the hedwig.cgi component. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-35. Directory Traversal vulnerability in D-Link DAP-1650 Firmware v.1.03 allows a local attacker to escalate privileges via the hedwig.cgi component. Affected products include: Dlink Dap-1650 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Dap 1650 Firmware
View allA command injection vulnerability exists in D-Link DAP-1650 devices when handling UPnP SUBSCRIBE messages. Rated critica
A command injection vulnerability exists in the gena.cgi module of D-Link DAP-1650 devices. Rated critical severity (CVS
In D-Link DAP1650 v1.04 firmware, the fileaccess.cgi program in the firmware has a buffer overflow vulnerability caused
Same weakness CWE-35 – Path Traversal: '.../...//'
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today