CVE-2020-9277Improper Authentication in Dlink Dsl-2640b Firmware

CWE-287Improper Authentication3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.7%
top 28.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Dlink Dsl-2640b Firmware
Timeline
PublishedApr 20
Latest updateMay 24

Description

An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. Authentication can be bypassed when accessing cgi modules. This allows one to perform administrative tasks (e.g., modify the admin password) with no authentication.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-4vh6-rxvj-rwh4: An issue was discovered on D-Link DSL-2640B B2 EU_42022-05-24
CVEList
CVE-2020-9277: An issue was discovered on D-Link DSL-2640B B2 EU_42020-04-20
CVE-2020-9277 — Improper Authentication in Dlink | cvebase