cbcvebase.
CVE-2013-2271
published 2013-11-19

CVE-2013-2271: The D-Link DSL-2740B Gateway with firmware EU_1.0, when an active administrator session exists, allows remote attackers to bypass authentication and gain…

PriorityP357high7.6CVSS 2.0
AVNACHAuNCCICAC
EXPLOIT
EPSS
5.37%
91.6th percentile
The D-Link DSL-2740B Gateway with firmware EU_1.0, when an active administrator session exists, allows remote attackers to bypass authentication and gain administrator access via a request to login.cgi.

Detection & IOCsextracted from sources · hover to see the quote

urlhttp://192.168.1.1/login.cgi
path/login.cgi
  • Monitor for unauthenticated GET/POST requests to /login.cgi on D-Link DSL-2740B devices, especially from sources other than the established admin session IP.
  • Alert on access to /login.cgi when no prior authentication flow is observed (i.e., direct navigation to login.cgi without a session establishment sequence).
  • If remote management is enabled, monitor for external (non-RFC1918) source IPs accessing /login.cgi on the router's public IP.
  • ·The bypass is only exploitable when an active administrator session already exists on the device; without an active admin session the attack does not work.
  • ·Vulnerability is confirmed on firmware version EU_1.0; other models and firmware versions may also be affected.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.