Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:29539
HistoryJul 10, 2013 - 12:00 a.m.

Authentication bypass in D-Link routers

2013-07-1000:00:00
vulners.com
14
JSON

Vendor: D-Link
Affected Products:
-DIR-505L SharePort Mobile Companion (HW: A1 / FW: 1.01)
-DIR-826L Wireless N600 Cloud Router (HW: A1 / FW: 1.02)
Vendor Notification: April 8, 2013
Public Disclosure: July 8, 2013
Vulnerability Type: Authentication Bypass
CVE Reference: CVE-2013-4772
Solution Status: Not Fixed
Credit: Jason Doyle / tw: jasond0yle

Advisory Details:
It is possible to bypass authentication to gain administrator level access to the web management console by navigating directly to any web page while a legitimate session is still active. This is not possible once a legitimate session has expired. During this window of opportunity, at attacker has unfettered access to view and change all configurable settings on the device, including the addition / modification of user accounts for persistent access.

Related

prion 1
securityvulns 2
cve 1
prion
prion
Authentication flaw
2014-05-12 14:55:00
securityvulns
securityvulns
D-Link routers multiple security vulnerabilities
2013-12-09 00:00:00
Authentication bypass in D-Link devices (session cookies not validated)
2013-07-10 00:00:00
cve
cve
CVE-2013-4772
2014-05-12 14:55:00
JSON
Related for SECURITYVULNS:DOC:29539
prion1securityvulns2cve1