ByteOS Network

Vulnerability Details :

CVE-2013-2271

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-15 Nov, 2013 | 20:00

Updated At-16 Sep, 2024 | 23:06

The D-Link DSL-2740B Gateway with firmware EU_1.0, when an active administrator session exists, allows remote attackers to bypass authentication and gain administrator access via a request to login.cgi.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:15 Nov, 2013 | 20:00

Updated At:16 Sep, 2024 | 23:06

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10004	x_refsource_CONFIRM
http://packetstormsecurity.com/files/120613/dlinkdsl2740b-bypass.txt	x_refsource_MISC
http://www.webapp-security.com/2013/03/d-link-dsl-2740b-adsl-router-authentication-bypass	x_refsource_MISC
http://www.webapp-security.com/wp-content/uploads/2013/03/D-Link-DSL-2740B-ADSL-Router-Authentication-Bypass2.txt	x_refsource_MISC

Hyperlink: http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10004

Resource:

x_refsource_CONFIRM

Hyperlink: http://packetstormsecurity.com/files/120613/dlinkdsl2740b-bypass.txt

Resource:

x_refsource_MISC

Hyperlink: http://www.webapp-security.com/2013/03/d-link-dsl-2740b-adsl-router-authentication-bypass

Resource:

x_refsource_MISC

Hyperlink: http://www.webapp-security.com/wp-content/uploads/2013/03/D-Link-DSL-2740B-ADSL-Router-Authentication-Bypass2.txt

Resource:

x_refsource_MISC

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10004	x_refsource_CONFIRM x_transferred
http://packetstormsecurity.com/files/120613/dlinkdsl2740b-bypass.txt	x_refsource_MISC x_transferred
http://www.webapp-security.com/2013/03/d-link-dsl-2740b-adsl-router-authentication-bypass	x_refsource_MISC x_transferred
http://www.webapp-security.com/wp-content/uploads/2013/03/D-Link-DSL-2740B-ADSL-Router-Authentication-Bypass2.txt	x_refsource_MISC x_transferred

Hyperlink: http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10004

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://packetstormsecurity.com/files/120613/dlinkdsl2740b-bypass.txt

Resource:

x_refsource_MISC

x_transferred

Hyperlink: http://www.webapp-security.com/2013/03/d-link-dsl-2740b-adsl-router-authentication-bypass

Resource:

x_refsource_MISC

x_transferred

Hyperlink: http://www.webapp-security.com/wp-content/uploads/2013/03/D-Link-DSL-2740B-ADSL-Router-Authentication-Bypass2.txt

Resource:

x_refsource_MISC

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@mitre.org

Published At:19 Nov, 2013 | 04:47

Updated At:11 Apr, 2025 | 00:51

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	7.6	HIGH	AV:N/AC:H/Au:N/C:C/I:C/A:C

Type: Primary

Version: 2.0

Base score: 7.6

Base severity: HIGH

Vector:

AV:N/AC:H/Au:N/C:C/I:C/A:C

CPE Matches

D-Link Corporation

>>dsl-2740b_firmware>>-

cpe:2.3:o:dlink:dsl-2740b_firmware:-:*:*:*:*:*:*:*

D-Link Corporation

>>dsl-2740b>>-

cpe:2.3:h:dlink:dsl-2740b:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-264	Primary	nvd@nist.gov

CWE ID: CWE-264

Type: Primary

Source: nvd@nist.gov

Evaluator Description

Advisory from D-Link says all versions of firmware for DSL-2740B are vulnerable per http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10004

References

Hyperlink	Source	Resource
http://packetstormsecurity.com/files/120613/dlinkdsl2740b-bypass.txt	cve@mitre.org	Exploit
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10004	cve@mitre.org	Vendor Advisory
http://www.webapp-security.com/2013/03/d-link-dsl-2740b-adsl-router-authentication-bypass	cve@mitre.org	N/A
http://www.webapp-security.com/wp-content/uploads/2013/03/D-Link-DSL-2740B-ADSL-Router-Authentication-Bypass2.txt	cve@mitre.org	Exploit
http://packetstormsecurity.com/files/120613/dlinkdsl2740b-bypass.txt	af854a3a-2127-422b-91ae-364da2661108	Exploit
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10004	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://www.webapp-security.com/2013/03/d-link-dsl-2740b-adsl-router-authentication-bypass	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.webapp-security.com/wp-content/uploads/2013/03/D-Link-DSL-2740B-ADSL-Router-Authentication-Bypass2.txt	af854a3a-2127-422b-91ae-364da2661108	Exploit

Hyperlink: http://packetstormsecurity.com/files/120613/dlinkdsl2740b-bypass.txt

Source: cve@mitre.org

Resource:

Exploit

Hyperlink: http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10004

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: http://www.webapp-security.com/2013/03/d-link-dsl-2740b-adsl-router-authentication-bypass

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.webapp-security.com/wp-content/uploads/2013/03/D-Link-DSL-2740B-ADSL-Router-Authentication-Bypass2.txt

Source: cve@mitre.org

Resource:

Exploit

Hyperlink: http://packetstormsecurity.com/files/120613/dlinkdsl2740b-bypass.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Exploit

Hyperlink: http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10004

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Vendor Advisory

Hyperlink: http://www.webapp-security.com/2013/03/d-link-dsl-2740b-adsl-router-authentication-bypass

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: http://www.webapp-security.com/wp-content/uploads/2013/03/D-Link-DSL-2740B-ADSL-Router-Authentication-Bypass2.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Exploit

Similar CVEs

2Records found

CVE-2024-10915

Matching Score-8

Assigner-VulDB

View Details

Matching Score-8

Assigner-VulDB

CVSS Score-9.2||CRITICAL

EPSS-92.52% / 99.73%

7 Day CHG~0.00%

Published-06 Nov, 2024 | 14:00

Updated-08 Nov, 2024 | 20:11

D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L account_mgr.cgi cgi_user_add os command injection

A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been rated as critical. Affected by this issue is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument group leads to os command injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

Vendor-D-Link Corporation

Product-dns-340l dns-325_firmware dns-320 dns-320lw_firmware dns-320_firmware dns-320lw dns-340l_firmware dns-325 DNS-320LW DNS-325 DNS-320 DNS-340L dns-340l_firmware dns-320_firmware dns-320lw_firmware dns-325_firmware

CWE ID-CWE-707

Improper Neutralization

CWE ID-CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2024-10914

Matching Score-8

Assigner-VulDB

View Details

Matching Score-8

Assigner-VulDB

CVSS Score-9.2||CRITICAL

EPSS-93.97% / 99.88%

7 Day CHG~0.00%

Published-06 Nov, 2024 | 13:31

Updated-24 Nov, 2024 | 15:15

D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L account_mgr.cgi cgi_user_add os command injection

A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been declared as critical. Affected by this vulnerability is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument name leads to os command injection. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

Vendor-D-Link Corporation

CWE ID-CWE-707

Improper Neutralization

CWE ID-CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2013-2271

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs