BID:58266

D-Link DSL-2740B Routers Remote Authentication Bypass Vulnerability

Info

D-Link DSL-2740B Routers Remote Authentication Bypass Vulnerability

Bugtraq ID:	58266
Class:	Access Validation Error
CVE:	CVE-2013-2271
Remote:	Yes
Local:	No
Published:	Mar 02 2013 12:00AM
Updated:	Mar 02 2013 12:00AM
Credit:	Ivano Binetti
Vulnerable:	D-Link DSL-2740B EU_1.0

Not Vulnerable:

Discussion

D-Link DSL-2740B Routers Remote Authentication Bypass Vulnerability

D-Link DSL-2740B routers are prone to a remote authentication-bypass vulnerability.

Remote attackers can exploit this issue to bypass the authentication mechanism and gain unauthorized access.

D-Link DSL-2740B running firmware version EU_1.0 is vulnerable; other version may also be affected.

Exploit / POC

D-Link DSL-2740B Routers Remote Authentication Bypass Vulnerability

Attackers can use a browser to exploit this issue.

Solution / Fix

D-Link DSL-2740B Routers Remote Authentication Bypass Vulnerability

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References

D-Link DSL-2740B Routers Remote Authentication Bypass Vulnerability

References:

D-Link DSL-2740B (ADSL Router) Authentication Bypass (Ivano Binetti)
D-Link DSL-2740B HomePage (D-Link)
D-Link Homepage (D-Link)