CVE-2013-5730

Currently unrated

Key Information:

Vendor: D-Link
Status: Dsl-2740b Firmware; Dsl-2740b
Vendor: CVE Published:; 20 November 2013

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DSL-2740B Gateway with firmware EU_1.00 allow remote attackers to hijack the authentication of administrators for requests that (1) enable or disable Wireless MAC Address Filters via a wlFltMode action to wlmacflt.cmd, (2) enable or disable firewall protections via a request to scdmz.cmd, or (3) enable or disable remote management via a save action to scsrvcntr.cmd.

References

http://www.webapp-security.com/wp-content/uploads/2013/09...

x_refsource_MISC

http://securityadvisories.dlink.com/security/publication....

x_refsource_CONFIRM

http://packetstormsecurity.com/files/123200/D-Link-DSL-27...

x_refsource_MISC

EPSS Score

89% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 20, 2013
Vulnerability Reserved
Sep 11, 2013