Vulnerability Description
The D-Link DSL-2740B Gateway with firmware EU_1.0, when an active administrator session exists, allows remote attackers to bypass authentication and gain administrator access via a request to login.cgi.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dlink | Dsl-2740B Firmware | - |
| Dlink | Dsl-2740B | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/120613/dlinkdsl2740b-bypass.txt (Exploit)
- http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10004 (Vendor Advisory)
- http://www.webapp-security.com/2013/03/d-link-dsl-2740b-adsl-router-authenticati
- http://www.webapp-security.com/wp-content/uploads/2013/03/D-Link-DSL-2740B-ADSL-Exploit
FAQ
What is CVE-2013-2271?
CVE-2013-2271 is a vulnerability with a CVSS score of 7.6 (HIGH). The D-Link DSL-2740B Gateway with firmware EU_1.0, when an active administrator session exists, allows remote attackers to bypass authentication and gain administrator access via a request to login.cg...
How severe is CVE-2013-2271?
CVE-2013-2271 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2013-2271?
Check the references section above for vendor advisories and patch information. Affected products include: Dlink Dsl-2740B Firmware, Dlink Dsl-2740B.