Summary
Various D-Link DSL routers are susceptible to a remote authentication bypass vulnerability.
Impact
This vulnerability allows remote attackers to gain complete administrative access to affected devices.
Solution
Ask the vendor for an update.
Insight
By setting the User-Agent header to 'xmlset_roodkcableoj28840ybtide', it is possible to access the web interface without any authentication.
Affected
Various D-Link routers are affected.
Detection
Try to bypass authentication by using 'xmlset_roodkcableoj28840ybtide' as HTTP User-Agent.
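A passive complement to the active check above, added here as an example and not part of the original advisory or any vendor tooling: it scans HTTP access logs from a proxy or sensor in front of the device for the User-Agent value and reports which sources received a 2xx response. The Combined Log Format, the sample lines, and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# User-Agent value named in this advisory (CVE-2013-6026).
BACKDOOR_UA = "xmlset_roodkcableoj28840ybtide"

# Assumed input: Combined Log Format
#   ip ident user [time] "request" status size "referer" "user-agent"
# Quoted fields may contain backslash-escaped characters.
QUOTED = r'"((?:[^"\\]|\\.)*)"'
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] ' + QUOTED + r' (\d{3}) \S+ ' + QUOTED + ' ' + QUOTED + r'$'
)

def find_backdoor_requests(lines):
    """Return {source_ip: [(timestamp, request, status), ...]} for matching requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in the assumed log format
        ip, ts, req, status, _referer, ua = m.groups()
        # Substring match is a deliberate choice so padded variants are also flagged.
        if BACKDOOR_UA in ua:
            hits[ip].append((ts, req, int(status)))
    return dict(hits)

def answered_without_auth(hits):
    """Sources that got at least one 2xx reply while sending the value.

    Assumption: a 2xx status here means the device served the page
    instead of demanding credentials, so these sources need review first.
    """
    return sorted(ip for ip, reqs in hits.items()
                  if any(200 <= status < 300 for _, _, status in reqs))

# Constructed sample log lines (documentation IP ranges, made-up paths and times).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Oct/2013:10:01:02 +0000] "GET /index.html HTTP/1.1" 401 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Oct/2013:10:01:09 +0000] "GET /index.html HTTP/1.1" 200 4096 "-" "xmlset_roodkcableoj28840ybtide"',
    '203.0.113.20 - - [12/Oct/2013:11:30:00 +0000] "GET /index.html HTTP/1.1" 401 512 "-" "xmlset_roodkcableoj28840ybtide"',
    '192.0.2.15 - admin [12/Oct/2013:12:00:00 +0000] "GET /index.html HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    found = find_backdoor_requests(SAMPLE_LOG)
    for ip, reqs in found.items():
        print(ip, reqs)
    print("served without credentials:", answered_without_auth(found))
```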
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2013-6026
- CVSS Base Score: 10.0
- CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C