BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist


D-Link DSL-2740B login.cgi Bypass Vulnerability

Disclosed: February 10, 2013

Status: Fully Patched

Vulnerability Description:

This vulnerability permits an attacker to connect to the device with administrator permissions. Exploitation requires that another user is already logged in to the device as an administrator. While that administrator is logged in, an attacker merely needs to connect to the login page (login.cgi). At that point, the attacker is logged in to the web interface with administrator permissions.

Vendors:

D-Link

Vulnerable Software/Devices:

D-Link DSL-2740B Router

Vulnerability Severity:

Low

Exploit Availability:

Publicly Available

Exploit Impact:

Security Bypass
This vulnerability allows an attacker to bypass certain security restrictions on the system, allowing the attacker to gain unauthorized access to the system.

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.

  • 19789 - D-Link DSL-2740B login.cgi Bypass Vulnerability (Zero-Day)

Mitigation:

Disable remote administration on the affected device to minimize risk.

Links:

CVE(s):