CVE-2023-37325

5.4 MEDIUM

📋 TL;DR

This vulnerability allows network-adjacent attackers to modify wireless network settings on D-Link DAP-2622 routers without authentication. Attackers can change SSID configurations, potentially disrupting network access or creating rogue access points. Only users of affected D-Link DAP-2622 routers are impacted.

💻 Affected Systems

Products:
  • D-Link DAP-2622
Versions: All versions prior to firmware 1.11B01
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default DDP service configuration; requires network adjacency to exploit.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attacker creates rogue access points to intercept traffic, changes network credentials to deny legitimate access, or reconfigures the device to join malicious networks.

🟠 Likely Case

Network disruption through SSID changes, temporary denial of service for wireless clients, or creation of confusing duplicate network names.

🟢 If Mitigated

Minimal impact if the device is patched or isolated from untrusted networks; configuration changes would be limited to adjacent attackers.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to the DDP service port; no authentication needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware 1.11B01

Vendor Advisory: https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10349

Restart Required: Yes

Instructions:

1. Download firmware 1.11B01 from the D-Link support site.
2. Log into the router web interface.
3. Navigate to System > Firmware Update.
4. Upload and apply the firmware file.
5. Wait for the automatic reboot.

🔧 Temporary Workarounds

Disable DDP Service (all)

Turn off the DDP service if it is not needed for network management.

Network Segmentation (all)

Isolate the router management interface from untrusted networks using VLANs or firewall rules.

🧯 If You Can't Patch

  • Segment the router on a dedicated management VLAN inaccessible to regular users
  • Implement network access controls to restrict DDP service access to authorized management stations only

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router web interface under System > Firmware; versions below 1.11B01 are vulnerable.

Check Version:

No CLI command; check via web interface at System > Firmware

Verify Fix Applied:

Confirm firmware version shows 1.11B01 or higher after update; test DDP service authentication requirements.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized configuration changes in system logs
  • Unexpected DDP service connections from unknown IPs

Network Indicators:

  • Unusual traffic to DDP service port (typically UDP 29808)
  • SSID configuration changes without administrator action

SIEM Query:

source="router_logs" AND (event="configuration_change" OR service="ddp") AND user="unauthenticated"
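As an added detection example (not part of this advisory), the Python below applies the network indicator and management allow-list guidance above to flow-log lines: UDP flows to the DDP port from hosts outside the management network are flagged, and malformed lines are skipped rather than aborting the scan. The log format, addresses and networks are constructed; the port value is the one this page lists.

```python
# Added example (not from the advisory): flag UDP flows to the DDP port from
# hosts outside the management network. Log format, addresses and networks
# are constructed; the port value 29808 is the one this page lists.
from ipaddress import ip_address, ip_network

DDP_PORT = 29808  # DDP service port as stated in this advisory's indicators

def parse_flow(line):
    """Parse 'ts proto src dst dport'; return None for malformed lines."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, proto, src, dst, dport = parts
    try:
        ip_address(src)
        ip_address(dst)
        return ts, proto.upper(), src, dst, int(dport)
    except ValueError:
        return None

def flag_ddp_flows(lines, mgmt_networks):
    """Return (ts, src, dst) for UDP/DDP flows not sourced from mgmt networks."""
    allowed = [ip_network(n) for n in mgmt_networks]
    findings = []
    for line in lines:
        rec = parse_flow(line)
        if rec is None:
            continue  # skip malformed lines instead of aborting the scan
        ts, proto, src, dst, dport = rec
        if proto != "UDP" or dport != DDP_PORT:
            continue  # only the unauthenticated DDP service is of interest
        if any(ip_address(src) in net for net in allowed):
            continue  # expected traffic from an authorized management station
        findings.append((ts, src, dst))
    return findings

# Constructed sample log: one management flow, one client-VLAN flow to DDP,
# one HTTPS flow to the web UI, and one malformed line.
SAMPLE_LOG = [
    "2023-07-01T10:00:01Z UDP 10.10.0.5 10.10.0.1 29808",
    "2023-07-01T10:00:07Z UDP 10.20.3.44 10.10.0.1 29808",
    "2023-07-01T10:00:09Z TCP 10.20.3.44 10.10.0.1 443",
    "garbage line",
]
MGMT_NETWORKS = ["10.10.0.0/24"]  # constructed dedicated management VLAN

if __name__ == "__main__":
    for ts, src, dst in flag_ddp_flows(SAMPLE_LOG, MGMT_NETWORKS):
        print(f"{ts} DDP from non-management host {src} -> {dst}")
```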

🔗 References
