CVE-2023-53974

HIGH

D-Link DSL-124 ME_1.00 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-53974. PoCs published by Aryan Chehreghani.

AI-analyzed exploit summary This exploit demonstrates an unauthorized backup file disclosure vulnerability in D-Link DSL-124 Wireless N300 ADSL2+ Modem Router (ME_1.00). By sending a crafted POST request to 'form2saveConf.cgi', an attacker can retrieve the router's configuration file, which may contain sensitive information such as Wi-Fi credentials.

Description

D-Link DSL-124 ME_1.00 contains a configuration file disclosure vulnerability that allows unauthenticated attackers to retrieve router settings through a POST request. Attackers can send a specific POST request to the router's configuration endpoint to download a complete backup file containing sensitive network credentials and system configurations.

Exploits (1)

exploitdb WORKING POC

by Aryan Chehreghani · textremotehardware

https://www.exploit-db.com/exploits/51129

View Code ZIP pw:eip

This exploit demonstrates an unauthorized backup file disclosure vulnerability in D-Link DSL-124 Wireless N300 ADSL2+ Modem Router (ME_1.00). By sending a crafted POST request to 'form2saveConf.cgi', an attacker can retrieve the router's configuration file, which may contain sensitive information such as Wi-Fi credentials.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: D-Link DSL-124 Wireless N300 ADSL2+ Modem Router ME_1.00

No auth needed

Prerequisites: Network access to the router's web interface · Router must be on the default or known IP address (e.g., 192.168.1.1)

MITRE ATT&CK

T1083 - File and Directory Discovery T1005 - Data from Local System

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit exploit

https://www.exploit-db.com/exploits/51129

Product product

https://www.dlink.com

Product product

https://dlinkmea.com/index.php/product/details?det=dU1iNFc4cWRsdUpjWEpETFlSeFlZdz09

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/d-link-dsl-me-backup-configuration-file-disclosure-via-unauthenticated-request

Scores

CVSS v3 7.5

EPSS 0.0045

EPSS Percentile 35.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-306

Status published

Products (1)

dlink/dsl-124_firmware 1.00

Published Dec 22, 2025

Tracked Since Feb 18, 2026