CVE-2023-53974

7.5 HIGH

📋 TL;DR

D-Link DSL-124 routers running ME_1.00 firmware contain an unauthenticated configuration file disclosure vulnerability. Attackers can retrieve complete backup files containing sensitive network credentials and system configurations via a specific POST request. This affects all users of vulnerable D-Link DSL-124 routers with the affected firmware.

💻 Affected Systems

Products:
  • D-Link DSL-124
Versions: ME_1.00
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running the vulnerable firmware version are affected by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attackers gain full network access, steal credentials, reconfigure the router for malicious purposes, or use it as a pivot point for internal attacks.

🟠 Likely Case: Attackers steal Wi-Fi passwords, admin credentials, and network configuration details for unauthorized access or reconnaissance.

🟢 If Mitigated: Limited to information disclosure without the ability to modify configurations or execute code.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit requires sending a single POST request to the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: https://dlinkmea.com/index.php/product/details?det=dU1iNFc4cWRsdUpjWEpETFlSeFlZdz09

Restart Required: No

Instructions:

No official patch is available. Check the vendor website for firmware updates.

🔧 Temporary Workarounds

Disable remote management (all): Disable remote administration/management features to prevent external exploitation.

Network segmentation (all): Place the router in an isolated network segment with strict firewall rules.

🧯 If You Can't Patch

  • Replace affected hardware with supported, patched alternatives
  • Implement network monitoring for suspicious POST requests to router configuration endpoints

🔍 How to Verify

Check if Vulnerable:

Send a POST request to the router's configuration endpoint and check whether the backup file is returned without authentication.

Check Version:

Check the router's web interface, or use nmap or other router scanning tools, to identify the firmware version.

Verify Fix Applied:

Repeat the request after applying the workarounds to confirm that access is blocked.

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated POST requests to configuration/backup endpoints
  • Large file downloads from router management interface

Network Indicators:

  • POST requests to router IP on port 80/443 with specific backup-related parameters
  • Unusual outbound traffic from router

SIEM Query:

dest_ip=router_ip AND http_method=POST AND (uri_contains='backup' OR uri_contains='config') AND auth_status='failed'

(Pseudo-query: the requests of interest are sent to the router, so match on the destination address rather than the source; adapt field names to your SIEM.)
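As an added defender-side illustration, not part of the advisory, the SIEM logic above applied to constructed access-log lines in Python. The log format, the `auth=` field and the request paths are assumptions for the sample; they are not the DSL-124's real endpoints.

```python
import re

# Constructed sample lines (not real router logs): CLF-style access log extended
# with an assumed 'auth=<user|->' field written by the device or a reverse proxy.
SAMPLE_LOG = """\
203.0.113.7 - - [12/May/2024:10:01:02 +0000] "POST /cgi-bin/backup.cgi HTTP/1.1" 200 48213 auth=-
192.168.1.20 - - [12/May/2024:10:01:05 +0000] "POST /cgi-bin/config_save.cgi HTTP/1.1" 200 512 auth=admin
192.168.1.21 - - [12/May/2024:10:02:10 +0000] "GET /index.html HTTP/1.1" 200 2048 auth=-
198.51.100.9 - - [12/May/2024:10:03:44 +0000] "POST /config/export HTTP/1.1" 200 46000 auth=-
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) auth=(?P<auth>\S+)$'
)

# Same URI heuristic as the SIEM pseudo-query: 'backup' or 'config' in the path.
SENSITIVE_URI = re.compile(r'backup|config', re.IGNORECASE)


def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry['size'] = 0 if entry['size'] == '-' else int(entry['size'])
    return entry


def flag_config_disclosure(log_text, min_bytes=4096):
    """Return entries that look like a successful unauthenticated config download:
    POST to a backup/config URI, no authenticated user, HTTP 200 and a response
    body at least min_bytes long (a full backup file is far larger than an error page)."""
    hits = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None or e['method'] != 'POST':
            continue
        if not SENSITIVE_URI.search(e['uri']) or e['auth'] != '-':
            continue
        if e['status'] != '200' or e['size'] < min_bytes:
            continue
        hits.append({'src': e['src'], 'uri': e['uri'], 'size': e['size'], 'ts': e['ts']})
    return hits


if __name__ == '__main__':
    for hit in flag_config_disclosure(SAMPLE_LOG):
        print(f"ALERT unauthenticated config download from {hit['src']} -> {hit['uri']} ({hit['size']} bytes)")
```

The size threshold filters out small authenticated saves and error responses; raise `min_bytes` to the size of a real backup file once you know it for your device.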
