CVE-2013-6026

Published Oct 19, 2013

Last updated 2 years ago

Overview

Description: The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to bypass authentication and modify settings via an xmlset_roodkcableoj28840ybtide User-Agent HTTP header, as exploited in the wild in October 2013.
Source: cret@cert.org
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-264

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:di-524up:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "157FE837-AA4B-46AD-A2C2-1E9A690FA7DF"
          },
          {
            "criteria": "cpe:2.3:h:dlink:di-604\\+:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E8D8643C-5683-429D-9B9F-3A9C2B26ADF6"
          },
          {
            "criteria": "cpe:2.3:h:dlink:di-604s:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "076B3A72-3CF5-49CA-9104-D6D1667CE260"
          },
          {
            "criteria": "cpe:2.3:h:dlink:di-604up:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4632D90B-C66E-4E72-B56B-C9B81C3FB85C"
          },
          {
            "criteria": "cpe:2.3:h:dlink:di-624s:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F92DC565-F84C-4881-AA54-F07C988E3B90"
          },
          {
            "criteria": "cpe:2.3:h:dlink:dir-100:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "944231AD-3DB5-432F-826F-DF40D3538F86"
          },
          {
            "criteria": "cpe:2.3:h:dlink:dir-120:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "030E2C73-B17D-4F52-83B5-24C2042A5761"
          },
          {
            "criteria": "cpe:2.3:h:dlink:tm-g5240:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "45DB67B1-BD0F-4B2F-8025-B0A39F821051"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:alphanetworks:vdsl_asl-55052:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38D71280-715B-4872-86DD-528DBD0C4EEE"
          },
          {
            "criteria": "cpe:2.3:h:alphanetworks:vdsl_asl-56552:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "630148D9-4FFC-4630-8D99-4F7DA068D3C1"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:planex:brl-04cw:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F22A84F3-0A51-4CF5-B0B2-E41F02D10401"
          },
          {
            "criteria": "cpe:2.3:h:planex:brl-04r:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F7B26C5C-508E-426B-ACC7-148515E5FFF6"
          },
          {
            "criteria": "cpe:2.3:h:planex:brl-04ur:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B6E83607-47A8-49B5-8C5B-5A25F8F19389"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References