D-Link DSL-2640B Firmware vulnerabilities

6 known vulnerabilities affecting dlink/dsl-2640b_firmware.

Total CVEs: 6
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 1, MEDIUM 1

Vulnerabilities

CVE-2020-9279 | CRITICAL | CVSS 9.8 | veu_4.01b | 2020-04-20
CWE-798: An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A hard-coded account allows management-interface login with high privileges. The logged-in user can perform critical tasks and take full control of the device.
nvd
CVE-2020-9278 | CRITICAL | CVSS 9.1 | veu_4.01b | 2020-04-20
CWE-306: An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The device can be reset to its default configuration by accessing an unauthenticated URL.
nvd
CVE-2020-9275 | CRITICAL | CVSS 9.8 | veu_4.01b | 2020-04-20
CWE-306: An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A cfm UDP service listening on port 65002 allows remote, unauthenticated exfiltration of administrative credentials.
nvd
CVE-2020-9277 | CRITICAL | CVSS 9.8 | veu_4.01b | 2020-04-20
CWE-287: An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. Authentication can be bypassed when accessing cgi modules. This allows one to perform administrative tasks (e.g., modify the admin password) with no authentication.
nvd
CVE-2020-9276 | HIGH | CVSS 8.8 | veu_4.01b | 2020-04-20
CWE-787: An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The function do_cgi(), which processes cgi requests supplied to the device's web servers, is vulnerable to a remotely exploitable stack-based buffer overflow. Unauthenticated exploitation is possible by combining this vulnerability with CVE-2020-9277.
nvd
CVE-2012-1308 | MEDIUM | CVSS 6.8 | PoC | v4.00 | 2012-10-08
CWE-352: Cross-site request forgery (CSRF) vulnerability in redpass.cgi in D-Link DSL-2640B Firmware EU_4.00 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter.
nvd