Sign-up

ID

VAR-202312-0589


CVE

CVE-2023-50212


TITLE

D-Link Systems, Inc.  of  G416  Exceptional condition handling vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2023-028329

DESCRIPTION

D-Link G416 httpd Improper Handling of Exceptional Conditions Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper handling of error conditions. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-21664. D-Link Systems, Inc. The D-Link G416 is a 4G+ smart router from D-Link, launched in June 2025. It supports Wi-Fi 6, AI-powered optimization, and 4G LTE Cat 6 network, offering speeds up to 300Mbps

Trust: 2.88

sources: NVD: CVE-2023-50212 // JVNDB: JVNDB-2023-028329 // ZDI: ZDI-23-1828 // CNVD: CNVD-2025-18891 // VULMON: CVE-2023-50212

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-18891

AFFECTED PRODUCTS

vendor:d linkmodel:g416scope: - version: -

Trust: 2.1

vendor:dlinkmodel:g416scope:ltversion:1.09b01

Trust: 1.0

vendor:d linkmodel:g416scope:eqversion: -

Trust: 0.8

vendor:d linkmodel:g416scope:eqversion:g416 firmware 1.09b01

Trust: 0.8

sources: ZDI: ZDI-23-1828 // CNVD: CNVD-2025-18891 // JVNDB: JVNDB-2023-028329 // NVD: CVE-2023-50212

CVSS

SEVERITY

CVSSV2

CVSSV3

zdi-disclosures@trendmicro.com: CVE-2023-50212
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2023-50212
value: MEDIUM

Trust: 1.0

NVD: CVE-2023-50212
value: MEDIUM

Trust: 0.8

ZDI: CVE-2023-50212
value: MEDIUM

Trust: 0.7

CNVD: CNVD-2025-18891
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2025-18891
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:C/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

zdi-disclosures@trendmicro.com: CVE-2023-50212
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.0

nvd@nist.gov: CVE-2023-50212
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2023-50212
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2023-50212
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-23-1828 // CNVD: CNVD-2025-18891 // JVNDB: JVNDB-2023-028329 // NVD: CVE-2023-50212 // NVD: CVE-2023-50212

PROBLEMTYPE DATA

problemtype:CWE-755

Trust: 1.0

problemtype:Improper handling in exceptional conditions (CWE-755) [ others ]

Trust: 0.8

problemtype: Improper handling in exceptional conditions (CWE-755) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-028329 // NVD: CVE-2023-50212

PATCH

title:D-Link has issued an update to correct this vulnerability.url:https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10367

Trust: 0.7

title:Patch for D-Link G416 Information Disclosure Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/719911

Trust: 0.6

sources: ZDI: ZDI-23-1828 // CNVD: CNVD-2025-18891

EXTERNAL IDS

db:NVDid:CVE-2023-50212

Trust: 4.0

db:ZDIid:ZDI-23-1828

Trust: 2.6

db:DLINKid:SAP10367

Trust: 1.8

db:JVNDBid:JVNDB-2023-028329

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-21664

Trust: 0.7

db:CNVDid:CNVD-2025-18891

Trust: 0.6

db:VULMONid:CVE-2023-50212

Trust: 0.1

sources: ZDI: ZDI-23-1828 // CNVD: CNVD-2025-18891 // VULMON: CVE-2023-50212 // JVNDB: JVNDB-2023-028329 // NVD: CVE-2023-50212

REFERENCES

url:https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10367

Trust: 2.5

url:https://www.zerodayinitiative.com/advisories/zdi-23-1828/

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2023-50212

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-50212

Trust: 0.6

sources: ZDI: ZDI-23-1828 // CNVD: CNVD-2025-18891 // VULMON: CVE-2023-50212 // JVNDB: JVNDB-2023-028329 // NVD: CVE-2023-50212

CREDITS

Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)

Trust: 0.7

sources: ZDI: ZDI-23-1828

SOURCES

db:ZDIid:ZDI-23-1828
db:CNVDid:CNVD-2025-18891
db:VULMONid:CVE-2023-50212
db:JVNDBid:JVNDB-2023-028329
db:NVDid:CVE-2023-50212

LAST UPDATE DATE

2025-08-21T23:11:17.957000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-23-1828date:2023-12-20T00:00:00
db:CNVDid:CNVD-2025-18891date:2025-08-20T00:00:00
db:JVNDBid:JVNDB-2023-028329date:2025-03-12T09:00:00
db:NVDid:CVE-2023-50212date:2025-03-10T16:26:06.647

SOURCES RELEASE DATE

db:ZDIid:ZDI-23-1828date:2023-12-20T00:00:00
db:CNVDid:CNVD-2025-18891date:2025-08-18T00:00:00
db:JVNDBid:JVNDB-2023-028329date:2025-03-12T00:00:00
db:NVDid:CVE-2023-50212date:2024-05-03T03:16:08.620