Config File Disclosure in D-Link DSL-124 ME_1.00 via POST
CVE-2023-53974 Published on December 22, 2025
D-Link DSL-124 ME_1.00 Backup Configuration File Disclosure via Unauthenticated Request
D-Link DSL-124 ME_1.00 contains a configuration file disclosure vulnerability that allows unauthenticated attackers to retrieve router settings through a POST request. Attackers can send a specific POST request to the router's configuration endpoint to download a complete backup file containing sensitive network credentials and system configurations.
Vulnerability Analysis
CVE-2023-53974 is exploitable with network access and requires neither privileges nor user interaction. Its attack complexity is considered low. An automatable proof of concept (PoC) exploit exists. Exploitation is considered to have a high impact on confidentiality, with no impact on integrity or availability.
Weakness Type
Missing Authentication for Critical Function
The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Affected Versions
D-Link DSL-124 Wireless N300 ADSL2+ Version ME_1.00 is affected by CVE-2023-53974.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.