Cross-Site Request Forgery Vulnerabilities in D-Link DSL-2740B Gateway
CVE-2013-5730

Currently unrated

Key Information:

Vendor: D-Link
Status: Dsl-2740b Firmware; Dsl-2740b
Vendor: CVE Published:; 20 November 2013

Summary

The D-Link DSL-2740B Gateway with EU_1.00 firmware is susceptible to several cross-site request forgery (CSRF) flaws. These vulnerabilities can allow remote attackers to exploit the gateway's settings and hijack administrative authentication. Specifically, an attacker can manipulate requests to enable or disable Wireless MAC Address Filters, modify firewall settings, or control remote management capabilities without the user's consent. Such actions could jeopardize the security configuration of the device, leading to unauthorized access and network misconfigurations.

References

http://www.webapp-security.com/wp-content/uploads/2013/09...

x_refsource_MISC

http://securityadvisories.dlink.com/security/publication....

x_refsource_CONFIRM

http://packetstormsecurity.com/files/123200/D-Link-DSL-27...

x_refsource_MISC

EPSS Score

16% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 20, 2013
Vulnerability Reserved
Sep 11, 2013