D-Link DSL-2740B (ADSL Router) Authentication Bypass | CVE-2013-2271

I’ve discovered a new vulnerability affecting D-Link DSL-2740B ADSL Wifi Router, which allows an attacker to completely bypass the authentication of this device and gain administrative access.

Fore more details, please read my Advisory:

D-Link DSL-2740B (ADSL Router) Authentication Bypass

MITRE CVE Numbering Authority assigned me CVE-2013-2271 for this vulnerability.

NIST – NVD (Nation Vulnerability Database) published my Advisory:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2271

Department of Homeland Security / US-CERT published my Advisory into the Security Bulletin SB13-329:
https://www.us-cert.gov/ncas/bulletins/SB13-329

The vendor (D-Link) confirmed this vulnerability and  is pending a new firmware release that fixes this security issue:
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10004

This advisory has been also published in the following web sites:
http://www.securityfocus.com/bid/58266/info
http://packetstormsecurity.com/files/120613/dlinkdsl2740b-bypass.txt
http://1337day.com/exploits/20469
http://www.exploit-db.com/exploits/24563/
http://www.osvdb.org/show/osvdb/90822
http://cxsecurity.com/issue/WLB-2013030027
http://www.scip.ch/?vuldb.7851
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10004
http://www.eeye.com/resources/security-center/research/zero-day-tracker/2013/20130210
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2271
http://www.security-database.com/detail.php?alert=CVE-2013-2271
Japan CERT (Computer Emergency Response Team)

Leave a Reply

Your email address will not be published. Required fields are marked *


+ 2 = eight

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>