CVE-2013-5730

Name of the Vulnerable Software and Affected Versions D-Link DSL-2740B Gateway version EU 1.00

Description The issue concerns multiple cross-site request forgery (CSRF) vulnerabilities. These vulnerabilities allow remote attackers to hijack the authentication of administrators for specific requests. The affected requests include enabling or disabling Wireless MAC Address Filters via a wlFltMode action to "wlmacflt.cmd", enabling or disabling firewall protections via a request to "scdmz.cmd", and enabling or disabling remote management via a save action to "scsrvcntr.cmd".

Recommendations For D-Link DSL-2740B Gateway version EU 1.00, consider disabling the wlmacflt.cmd, scdmz.cmd, and scsrvcntr.cmd commands until a patch is available to prevent exploitation of the CSRF vulnerabilities. Restrict access to these commands to minimize the risk of unauthorized changes to Wireless MAC Address Filters, firewall protections, and remote management settings. Avoid using the wlFltMode and save actions in the affected API endpoints until the issue is resolved.