CVE-2023-53896 HIGH

CVE-2023-53896: D-Link DAP-1325 Hardware A1 Unauthenticated Configuration Download

Vendor D-Link
Product DAP-1325
Weakness CWE-306 · Missing auth
Published December 16, 2025
Last update April 7, 2026

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

D-Link DAP-1325 firmware version 1.01 contains a broken access control vulnerability that allows unauthenticated attackers to download the device's configuration settings. Attackers can retrieve sensitive configuration information by directly accessing the export settings script at the /cgi-bin/ExportSettings.sh endpoint.

Key dates

02 Disclosure timeline

December 16, 2025 CVE published
April 7, 2026 Record updated