D-Link DAP-1325 firmware version 1.01 contains a broken access control vulnerability that allows unauthenticated attackers to download device configuration settings without authentication. Attackers can exploit the /cgi-bin/ExportSettings.sh endpoint to retrieve sensitive configuration information by directly accessing the export settings script.

D-Link DAP-1325 firmware version 1.01 contains a broken access control vulnerability that allows unauthenticated attackers to download device configuration settings without authentication. Attackers can exploit the /cgi-bin/ExportSettings.sh endpoint to retrieve sensitive configuration information by directly accessing the export settings script.

Уязвимость сценария ExportSettings.sh (/cgi-bin/ExportSettings.sh) микропрограммного обеспечения усилителя беспроводного сигнала D-Link DAP-1325, позволяющая нарушителю обойти ограничения безопасности и получить несанкционированный доступ к защищаемой информации