Unrated severityNVD Advisory· Published Dec 22, 2025· Updated Dec 22, 2025
D-Link DSL-124 ME_1.00 Backup Configuration File Disclosure via Unauthenticated Request
CVE-2023-53974
Description
D-Link DSL-124 ME_1.00 contains a configuration file disclosure vulnerability that allows unauthenticated attackers to retrieve router settings through a POST request. Attackers can send a specific POST request to the router's configuration endpoint to download a complete backup file containing sensitive network credentials and system configurations.
Affected products
2- D-Link/DSL-124 Wireless N300 ADSL2+v5Range: ME_1.00
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- www.exploit-db.com/exploits/51129mitreexploit
- www.vulncheck.com/advisories/d-link-dsl-me-backup-configuration-file-disclosure-via-unauthenticated-requestmitrethird-party-advisory
- dlinkmea.com/index.php/product/detailsmitreproduct
- www.dlink.commitreproduct
News mentions
0No linked articles in our index yet.