Home page logo

bugtraq logo Bugtraq mailing list archives

Authentication bypass in D-Link routers
From: doylej.ia () gmail securityfocus com
Date: Mon, 8 Jul 2013 13:55:02 GMT

Vendor: D-Link
Affected Products:
-DIR-505L SharePort Mobile Companion (HW: A1 / FW: 1.01)
-DIR-826L Wireless N600 Cloud Router (HW: A1 / FW: 1.02)
Vendor Notification: April 8, 2013
Public Disclosure: July 8, 2013
Vulnerability Type: Authentication Bypass
CVE Reference: CVE-2013-4772
Solution Status: Not Fixed
Credit: Jason Doyle / tw: jasond0yle

Advisory Details:
It is possible to bypass authentication to gain administrator level access to the web management console by navigating 
directly to any web page while a legitimate session is still active. This is not possible once a legitimate session has 
expired. During this window of opportunity, at attacker has unfettered access to view and change all configurable 
settings on the device, including the addition / modification of user accounts for persistent access.

  By Date           By Thread  

Current thread:
  • Authentication bypass in D-Link routers doylej . ia (Jul 08)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]