Login Sign Up

CVE-2023-50199

8.8 HIGH
Remote Code Execution Authentication Bypass

📋 TL;DR

This vulnerability allows network-adjacent attackers to bypass authentication on D-Link G416 routers and execute critical functions without credentials. Attackers can potentially gain remote code execution on the device. Only D-Link G416 router users are affected.

💻 Affected Systems

Products:
  • D-Link G416 Wireless Router
Versions: All versions prior to firmware fix
Operating Systems: Embedded Linux/Proprietary Router OS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects HTTP service on port 80. Requires network adjacency (same network segment).

📦 What is this software?

G416 Firmware by Dlink

View all CVEs affecting G416 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of router allowing attacker to intercept/modify all network traffic, install persistent malware, or use router as pivot point into internal network.

🟠

Likely Case

Router configuration changes, DNS hijacking, credential theft from connected devices, or denial of service.

🟢

If Mitigated

Limited impact if router is behind firewall with strict inbound rules and network segmentation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

No authentication required. Exploit likely involves crafted HTTP requests to specific endpoints.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check D-Link support for latest firmware

Vendor Advisory: https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10367

Restart Required: Yes

Instructions:

1. Visit D-Link support site. 2. Download latest firmware for G416. 3. Log into router admin interface. 4. Navigate to firmware update section. 5. Upload and apply new firmware. 6. Reboot router.

🔧 Temporary Workarounds

Disable HTTP admin access

all

Disable HTTP admin interface and use HTTPS only if supported

Network segmentation

all

Isolate router management interface to separate VLAN

🧯 If You Can't Patch

  • Replace affected router with different model
  • Implement strict firewall rules blocking all inbound access to router management interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version against D-Link advisory. Attempt to access admin functions without authentication.

Check Version:

Log into router admin interface and check firmware version in System Status or similar section.

Verify Fix Applied:

Verify firmware version matches patched version from D-Link. Test authentication bypass attempts fail.

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated access to admin endpoints
  • Multiple failed login attempts followed by successful admin actions

Network Indicators:

  • Unusual HTTP requests to router port 80 from internal hosts
  • Traffic patterns suggesting router configuration changes

SIEM Query:

source="router.log" AND (http_method="POST" OR http_method="GET") AND (uri CONTAINS "/cgi-bin/" OR uri CONTAINS "/goform/") AND user="-"

📊 Metadata

CVE ID: CVE-2023-50199
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-306
Published: May 3, 2024
Last Updated: March 10, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-50199, you might also want to check these:

CVE-2025-32433 10.0

This CVE describes a critical vulnerability in Erlang/OTP's SSH server that allows unauthenticated r...

Same vulnerability type (CWE-306)
CVE-2026-23693 10.0

The ElementsKit Lite WordPress plugin versions before 3.7.9 expose an unauthenticated REST endpoint ...

Same vulnerability type (CWE-306)
CVE-2025-58083 10.0

The General Industrial Controls Lynx+ Gateway has a critical authentication bypass vulnerability in ...

Same vulnerability type (CWE-306)