CVE-2023-36090
Description
Authentication bypass in D-Link DIR-885L FW102b01 via phpcgi allows remote attackers to gain escalated privileges. Product is end-of-life.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Authentication bypass in D-Link DIR-885L FW102b01 via phpcgi allows remote attackers to gain escalated privileges. Product is end-of-life.
Vulnerability
An authentication bypass vulnerability exists in the D-Link DIR-885L router, specifically in firmware version FW102b01, via the phpcgi component. The flaw allows remote attackers to bypass authentication mechanisms without valid credentials. According to the vendor, this product is end-of-life and no longer supported [1].
Exploitation
An attacker can exploit this vulnerability remotely by sending crafted requests to the phpcgi interface on the affected device. No prior authentication is required, and no user interaction is needed. The attack vector is over the network, leveraging the HTTP/HTTPS management interface.
Impact
Successful exploitation allows an attacker to gain escalated privileges, effectively bypassing authentication controls. This can lead to full administrative control over the router, enabling information disclosure, configuration changes, or further network compromise.
Mitigation
D-Link has designated the DIR-885L as end-of-life (EOL) and will not release a firmware update to fix this vulnerability [1]. Users are advised to replace the device with a supported model. No workaround is provided by the vendor. This CVE is not listed in the Known Exploited Vulnerabilities (KEV) catalog as of publication.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- D-Link/DIR-885Ldescription
- Range: FX102b01
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.