PT-2013-5931

Craig Heffner · Published 2013-10-19 · Updated 2023-04-26 · CVE-2013-6026

CVSS v2.0: 10.0 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

D-Link DIR-100
D-Link DIR-120
D-Link DI-624S
D-Link DI-524UP
D-Link DI-604S
D-Link DI-604UP
D-Link DI-604+
D-Link TM-G5240
Planex BRL-04R
Planex BRL-04UR
Planex BRL-04CW
Alpha Networks routers (affected versions not specified)
Description

The web interface of the affected routers accepts any HTTP request whose User-Agent header is exactly the string xmlset_roodkcableoj28840ybtide as already authenticated, without checking credentials. A remote attacker who can reach the web interface (from the LAN, or from the Internet if remote management is enabled) can therefore bypass authentication and read or modify the router's configuration. The string is a deliberately planted backdoor value rather than an accidental flaw: read backwards it spells editby04882joelbackdoor_teslmx. The issue was exploited in the wild in October 2013.
Recommendations

Apply the vendor's fixed firmware for the affected model where one is available, and verify after updating that a request carrying the User-Agent value above is no longer accepted without credentials. Until a fix can be applied: disable remote (WAN-side) management so that the web interface is reachable only from the LAN, restrict LAN access to the web interface to trusted hosts, and avoid using the web interface for sensitive operations on an exposed device. Consider replacing devices for which the vendor provides no fix. For Alpha Networks routers, no information about a fixed version is available at the time of writing.
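The following added example (written for this page; it is not code from the advisory, from Craig Heffner's write-up, or from the vendor firmware) models the authentication bypass described above beside a corrected check, builds the raw probe request an auditor can send to a router they own to verify a fix, and scans constructed access-log lines for exploitation attempts. The credential table, the request paths, the log lines and the exact shape of the vulnerable comparison are assumptions for illustration; only the User-Agent string itself comes from the advisory.

```python
"""CVE-2013-6026: User-Agent authentication bypass, modelled and detected.

Added example; not the vendor's code. The vulnerable check below is an
emulation of the behaviour the advisory describes, not a reconstruction
of the firmware.
"""
import re
from dataclasses import dataclass

# The magic User-Agent value named in CVE-2013-6026.
# Reversed it reads "editby04882joelbackdoor_teslmx".
BACKDOOR_UA = "xmlset_roodkcableoj28840ybtide"


@dataclass
class Request:
    path: str
    user_agent: str = ""
    username: str = ""   # credentials supplied by the client, if any
    password: str = ""


# Constructed credential store for the emulation (assumption).
VALID_CREDENTIALS = {"admin": "correct horse battery staple"}


def vulnerable_auth_check(req: Request) -> bool:
    """Emulation of the flawed check: an exact match on the User-Agent
    header grants access before credentials are looked at (assumed shape)."""
    if req.user_agent == BACKDOOR_UA:
        return True
    return VALID_CREDENTIALS.get(req.username) == req.password


def hardened_auth_check(req: Request) -> bool:
    """Corrected check: access depends on credentials only. The User-Agent
    header is attacker-controlled input and is never consulted."""
    return VALID_CREDENTIALS.get(req.username) == req.password


def build_probe_request(host: str, path: str = "/") -> bytes:
    """Raw HTTP/1.1 request an auditor can send to a router they own.
    A page that normally requires login coming back with 200 instead of a
    login prompt or 401 means the bypass is still present."""
    return (
        f"GET {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        f"User-Agent: {BACKDOOR_UA}\r\n"
        "Connection: close\r\n\r\n"
    ).encode()


# Combined log format: ip ident user [time] "request" status size "referer" "user-agent"
_CLF = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
                  r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')


def scan_access_log(lines):
    """Return (client_ip, request_line, status) for each request whose
    User-Agent contains the backdoor string. Substring matching is used so
    padded variants are still flagged; a 200 to such a request on a page
    that requires login is strong evidence the bypass succeeded."""
    hits = []
    for line in lines:
        m = _CLF.match(line)
        if m and BACKDOOR_UA in m.group("ua"):
            hits.append((m.group("ip"), m.group("req"), int(m.group("status"))))
    return hits


# Constructed sample log lines (not a real capture; paths are illustrative).
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Oct/2013:03:14:07 +0000] "GET / HTTP/1.1" 401 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [19/Oct/2013:03:14:09 +0000] "GET /bsc_lan.php HTTP/1.1" 200 4187 "-" "xmlset_roodkcableoj28840ybtide"',
    '198.51.100.7 - - [19/Oct/2013:03:14:11 +0000] "POST /tools_admin.php HTTP/1.1" 200 12 "-" "xmlset_roodkcableoj28840ybtide"',
    '192.0.2.11 - - [19/Oct/2013:03:15:02 +0000] "GET / HTTP/1.1" 401 0 "-" "curl/7.32.0"',
]


if __name__ == "__main__":
    probe = Request("/bsc_lan.php", user_agent=BACKDOOR_UA)
    print("vulnerable check grants access:", vulnerable_auth_check(probe))  # True
    print("hardened check grants access:  ", hardened_auth_check(probe))    # False
    for ip, req, status in scan_access_log(SAMPLE_LOG):
        print(f"backdoor User-Agent from {ip}: {req} -> {status}")
```

The detection rule is deliberately a substring match on the User-Agent field: the bypass itself needs an exact match, but an attacker probing many models may send variants, and a log hit with any status is worth an alert. Run the probe only against devices you are authorised to test, and pair it with a normal unauthenticated request to the same page so the two responses can be compared.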

Related Identifiers

CVE-2013-6026
DLINKUSERAGENTBACKDOORCHECK

Affected Products

Alpha Networks routers
D-Link DI-524
D-Link DI-604
D-Link DI-624
D-Link DIR-100
D-Link DIR-120
D-Link TM-G5240
Planex BRL-04CW
Planex BRL-04R