CVE-2024-38438
CRITICALDescription
D-Link - CWE-294: Authentication Bypass by Capture-replay
CVSS v3.1 Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Type (CWE)
CWE-294
CWE-294
Affected Products
| Vendor | Product |
|---|---|
| dlink | dsl-225_firmware |
| dlink | dsl-225 |
References
Frequently Asked Questions
What is CVE-2024-38438? +
D-Link -
CWE-294: Authentication Bypass by Capture-replay It has a CVSS v3.1 base score of 9.8 (CRITICAL).
How severe is CVE-2024-38438? +
CVE-2024-38438 has a CVSS v3.1 score of 9.8 out of 10, rated CRITICAL. This is a critical vulnerability that should be patched immediately.
What products are affected by CVE-2024-38438? +
CVE-2024-38438 affects products from dlink, specifically: dsl-225, dsl-225_firmware. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2024-38438? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.
Related Vulnerabilities
CVE-2025-8616
A weakness identified in OpenText Advanced Authentication where a Malicious browser plugin can record and replay the user authentication process …
CVE-2024-38284
Transmitted data is logged between the device and the backend service. An attacker could use these logs to perform a …
CVE-2025-1887
SMB forced authentication vulnerability in versions prior to 2025.35.000 of Sage 200 Spain. This vulnerability allows an authenticated attacker with …
CVE-2025-6030
Use of fixed learning codes, one code to lock the car and the other code to unlock it, in the …
CVE-2025-6029
Use of fixed learning codes, one code to lock the car and the other code to unlock it, the Key …
CVE-2025-49752
10.0
Azure Bastion Elevation of Privilege Vulnerability