Access Control Weakness in D-Link DSL-2750U Devices
CVE-2020-13150

7.8HIGH

Key Information:

Vendor: D-Link
Status: Dsl-2750u Firmware
Vendor: CVE Published:; 15 June 2020

Summary

The D-Link DSL-2750U ISL2750UEME3.V1E devices present a security issue that allows unauthorized access to the control panel for approximately 90 seconds after the device is restarted. During this window, MAC address filtering rules, which are intended to prevent unauthorized device access, are not yet active, exposing the control panel to potential attackers. This behavior can lead to unauthorized changes to device settings, compromising the security and functionality of the network.

References

https://www.dlink.com/en/security-bulletin

x_refsource_MISC

https://gist.github.com/idris159/4c3ea746f4b19308b8ce8d8a...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 15, 2020
Vulnerability Reserved
May 18, 2020