Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DSL-2740B Gateway with firmware EU_1.00 allow remote attackers to hijack the authentication of administrators for requests that (1) enable or disable Wireless MAC Address Filters via a wlFltMode action to wlmacflt.cmd, (2) enable or disable firewall protections via a request to scdmz.cmd, or (3) enable or disable remote management via a save action to scsrvcntr.cmd.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dlink | Dsl-2740B Firmware | 1.00 |
| Dlink | Dsl-2740B | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/123200/D-Link-DSL-2740B-Cross-Site-Request-Exploit
- http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10004Vendor Advisory
- http://www.webapp-security.com/2013/09/d-link-dsl-2740b-multiple-csrf-vulnerabil
- http://www.webapp-security.com/wp-content/uploads/2013/09/D-Link-DSL-2740B-MultiExploit
- http://packetstormsecurity.com/files/123200/D-Link-DSL-2740B-Cross-Site-Request-Exploit
- http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10004Vendor Advisory
- http://www.webapp-security.com/2013/09/d-link-dsl-2740b-multiple-csrf-vulnerabil
- http://www.webapp-security.com/wp-content/uploads/2013/09/D-Link-DSL-2740B-MultiExploit
FAQ
What is CVE-2013-5730?
CVE-2013-5730 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DSL-2740B Gateway with firmware EU_1.00 allow remote attackers to hijack the authentication of administrators for requests that (1)...
How severe is CVE-2013-5730?
CVE-2013-5730 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-5730?
Check the references section above for vendor advisories and patch information. Affected products include: Dlink Dsl-2740B Firmware, Dlink Dsl-2740B.