Details of VAR-190001-0078

ID

VAR-190001-0078

TITLE

D-Link DSL-2640B MAC Address Verification Bypass Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2012-0858

DESCRIPTION

The D-Link DSL-2640B is a router device. The D-Link DSL-2640B has a verification bypass vulnerability. After the administrator logs in to the router, an internal attacker can connect to the WEB management interface (default http://192.168.1.1:80) and view the MAC address of the logged in administrator. Simply change the attacker's MAC address to log in to the administrator. Address, which allows unauthorized access to the device. D-Link DSL-2640B is prone to an authentication-bypass vulnerability. Attackers can exploit this issue to connect to the affected device without authentication. This may aid in further attacks

Trust: 0.81

sources: CNVD: CNVD-2012-0858 // BID: 52129

IOT TAXONOMY

category:

['IoT', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2012-0858

AFFECTED PRODUCTS

vendor:

d link

model:

dsl-2640b

scope:

version:

Trust: 0.9

sources: CNVD: CNVD-2012-0858 // BID: 52129

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201202-479

TYPE

Access Validation Error

Trust: 0.3

sources: BID: 52129

EXTERNAL IDS

db:	BID	id:	52129	Trust: 1.5
db:	PACKETSTORM	id:	110117	Trust: 0.6
db:	CNVD	id:	CNVD-2012-0858	Trust: 0.6
db:	CNNVD	id:	CNNVD-201202-479	Trust: 0.6

sources: CNVD: CNVD-2012-0858 // BID: 52129 // CNNVD: CNNVD-201202-479

REFERENCES

url:	http://packetstormsecurity.org/files/110117/dlinkdsl2640b-bypass.txt	Trust: 0.6
url:	http://www.securityfocus.com/bid/52129	Trust: 0.6
url:	http://www.d-link.com/products/?pid=567	Trust: 0.3
url:	http://www.d-link.com	Trust: 0.3

sources: CNVD: CNVD-2012-0858 // BID: 52129 // CNNVD: CNNVD-201202-479

CREDITS

Ivano Binetti

Trust: 0.9

sources: BID: 52129 // CNNVD: CNNVD-201202-479

SOURCES

db:	CNVD	id:	CNVD-2012-0858
db:	BID	id:	52129
db:	CNNVD	id:	CNNVD-201202-479

LAST UPDATE DATE

2022-05-17T01:57:30.962000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2012-0858	date:	2012-02-27T00:00:00
db:	BID	id:	52129	date:	2012-02-23T00:00:00
db:	CNNVD	id:	CNNVD-201202-479	date:	2012-02-28T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2012-0858	date:	2012-02-27T00:00:00
db:	BID	id:	52129	date:	2012-02-23T00:00:00
db:	CNNVD	id:	CNNVD-201202-479	date:	1900-01-01T00:00:00