D-Link, a renowned networking solutions provider, has recently issued patches to address two critical vulnerabilities discovered in its network management suite, posing potential risks of authentication bypass and remote code execution.
The vulnerabilities, identified as CVE-2023-32165 and CVE-2023-32169, were initially detected by security researchers participating in Trend Micro’s Zero Day Initiative (ZDI) towards the end of last year. Among the various vulnerabilities found, these two stood out as the most concerning. CVE-2023-32165 is classified as a remote code execution flaw capable of executing arbitrary code with SYSTEM privileges, while CVE-2023-32169 is an authentication bypass vulnerability leading to privilege escalation, unauthorized access to information, and potential malware installation.
