CVE-2020-9277

Name of the Vulnerable Software and Affected Versions D-Link DSL-2640B version EU 4.01B

Description An issue allows authentication to be bypassed when accessing cgi modules, enabling administrative tasks, such as modifying the admin password, without authentication. The vulnerability is related to weaknesses in the authentication procedure of the D-Link DSL-2640B router software, which can be exploited by a remote attacker to elevate their privileges.

Recommendations For D-Link DSL-2640B version EU 4.01B, as a temporary workaround, consider restricting access to cgi modules until a patch is available. Additionally, restrict administrative tasks to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.