CVE-2013-2271
published 2013-11-19CVE-2013-2271: The D-Link DSL-2740B Gateway with firmware EU_1.0, when an active administrator session exists, allows remote attackers to bypass authentication and gain…
PriorityP357high7.6CVSS 2.0
AVNACHAuNCCICAC
EXPLOIT
EPSS
5.37%
91.6th percentile
The D-Link DSL-2740B Gateway with firmware EU_1.0, when an active administrator session exists, allows remote attackers to bypass authentication and gain administrator access via a request to login.cgi.
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for unauthenticated GET/POST requests to /login.cgi on D-Link DSL-2740B devices, especially from sources other than the established admin session IP. ↗
- →Alert on access to /login.cgi when no prior authentication flow is observed (i.e., direct navigation to login.cgi without a session establishment sequence). ↗
- →If remote management is enabled, monitor for external (non-RFC1918) source IPs accessing /login.cgi on the router's public IP. ↗
- ·The bypass is only exploitable when an active administrator session already exists on the device; without an active admin session the attack does not work. ↗
- ·Vulnerability is confirmed on firmware version EU_1.0; other models and firmware versions may also be affected. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/120613/dlinkdsl2740b-bypass.txthttp://securityadvisories.dlink.com/security/publication.aspx?name=SAP10004http://www.webapp-security.com/2013/03/d-link-dsl-2740b-adsl-router-authentication-bypasshttp://www.webapp-security.com/wp-content/uploads/2013/03/D-Link-DSL-2740B-ADSL-Router-Authentication-Bypass2.txthttp://packetstormsecurity.com/files/120613/dlinkdsl2740b-bypass.txthttp://securityadvisories.dlink.com/security/publication.aspx?name=SAP10004http://www.webapp-security.com/2013/03/d-link-dsl-2740b-adsl-router-authentication-bypasshttp://www.webapp-security.com/wp-content/uploads/2013/03/D-Link-DSL-2740B-ADSL-Router-Authentication-Bypass2.txt
2013-11-19
Published