PT-2013-3632 · D Link · D-Link Dsl-2740B Gateway

Published

2013-11-15

Updated

2013-11-19

CVE-2013-2271

CVSS v2.0

7.6

High

Vector

AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions D-Link DSL-2740B Gateway version EU 1.0

Description The issue allows remote attackers to bypass authentication and gain administrator access when an active administrator session exists. This can be achieved by sending a request to the "login.cgi" endpoint.

Recommendations For D-Link DSL-2740B Gateway version EU 1.0, as a temporary workaround, consider restricting access to the "login.cgi" endpoint until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2013-2271

Affected Products

D-Link Dsl-2740B Gateway

PT-2013-3632 · D Link · D-Link Dsl-2740B Gateway

CVE-2013-2271

Weakness Enumeration

Related Identifiers

Affected Products

References · 6