Weakness in D-Link and Planex Routers Allows Unauthorized Access
CVE-2013-6026

Currently unrated

Key Information:

Vendor: D-Link
Status: Di-604s; Tm-g5240; Di-524up; Di-604up
Vendor: CVE Published:; 19 October 2013

Summary

The web interface of several D-Link and Planex routers is vulnerable to an authentication bypass due to improper handling of the User-Agent HTTP header. This weakness allows remote attackers to gain unauthorized access and modify router settings without valid credentials. Exploited in the wild as of October 2013, the vulnerability affects a range of common consumer routers, highlighting the importance of secure configuration and regular firmware updates to mitigate risks.

References

http://www.devttys0.com/2013/10/reverse-engineering-a-d-l...

x_refsource_MISC

http://www.dlink.com/uk/en/support/security

x_refsource_CONFIRM

http://www.kb.cert.org/vuls/id/248083

third-party-advisoryx_refsource_CERT-VN

EPSS Score

18% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Oct 19, 2013