ID

VAR-201310-0388


CVE

CVE-2013-6026


TITLE

D-Link routers authenticate administrative access using specific User-Agent string

Trust: 0.8

sources: CERT/CC: VU#248083

DESCRIPTION

The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to bypass authentication and modify settings via an xmlset_roodkcableoj28840ybtide User-Agent HTTP header, as exploited in the wild in October 2013. Various D-Link routers allow administrative web actions if the HTTP request contains a specific User-Agent string. This backdoor allows an attacker to bypass password authentication and access the router's administrative web interface. Planex and Alpha Networks devices may also be affected. In addition, attacks exploiting this vulnerability were observed in October 2013. A third party may bypass authentication and change settings via an xmlset_roodkcableoj28840ybtide User-Agent HTTP header. The D-Link DIR-100 is a small broadband router with an integrated firewall. A backdoor vulnerability exists in the v1.13 firmware used by the DIR-100, DI-524, DI-524UP, DI-604S, DI-604UP, DI-604+, TM-G5240, and several Planex routers (BRL-04UR and BRL-04CW). Products from multiple vendors are prone to a remote authentication-bypass vulnerability. This may aid in further attacks. The following are vulnerable: D-Link DIR-120, D-Link DI-624S, D-Link DI-524UP, D-Link DI-604S, D-Link DI-604UP, D-Link DI-604, D-Link DIR-100, D-Link TM-G5240, PLANEX COMMUNICATIONS BRL-04UR, PLANEX COMMUNICATIONS BRL-04R, PLANEX COMMUNICATIONS BRL-04CW. The D-Link DIR-100 and the other D-Link models listed are routers made by D-Link. The Planex BRL-04R and related models are routers made by the Japanese company Planex. The following products are affected: D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+; TM-G5240; Planex BRL-04R, BRL-04UR, BRL-04CW.

Trust: 3.24

sources: NVD: CVE-2013-6026 // CERT/CC: VU#248083 // JVNDB: JVNDB-2013-004823 // CNVD: CNVD-2013-13777 // BID: 62990 // VULHUB: VHN-66028

IOT TAXONOMY

category: ['IoT', 'Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-13777

AFFECTED PRODUCTS

vendor: alphanetworks, model: vdsl asl-56552, scope: eq, version: -

Trust: 1.6

vendor: d link, model: di-524up, scope: -, version: -

Trust: 1.4

vendor: d link, model: di-604+, scope: -, version: -

Trust: 1.4

vendor: d link, model: di-604s, scope: -, version: -

Trust: 1.4

vendor: d link, model: di-604up, scope: -, version: -

Trust: 1.4

vendor: d link, model: tm-g5240, scope: -, version: -

Trust: 1.4

vendor: dlink, model: di-624s, scope: eq, version: -

Trust: 1.0

vendor: dlink, model: tm-g5240, scope: eq, version: -

Trust: 1.0

vendor: dlink, model: di-604up, scope: eq, version: -

Trust: 1.0

vendor: planex, model: brl-04ur, scope: eq, version: -

Trust: 1.0

vendor: dlink, model: dir-100, scope: eq, version: -

Trust: 1.0

vendor: dlink, model: di-604s, scope: eq, version: -

Trust: 1.0

vendor: dlink, model: di-524up, scope: eq, version: -

Trust: 1.0

vendor: planex, model: brl-04r, scope: eq, version: -

Trust: 1.0

vendor: planex, model: brl-04cw, scope: eq, version: -

Trust: 1.0

vendor: dlink, model: di-604\+, scope: eq, version: -

Trust: 1.0

vendor: dlink, model: dir-120, scope: eq, version: -

Trust: 1.0

vendor: alphanetworks, model: vdsl asl-55052, scope: eq, version: -

Trust: 1.0

vendor: d link, model: -, scope: -, version: -

Trust: 0.8

vendor: alpha, model: vdsl 11n wireless router, scope: -, version: -

Trust: 0.8

vendor: alpha, model: vdsl wired router, scope: -, version: -

Trust: 0.8

vendor: d link, model: di-624s, scope: -, version: -

Trust: 0.8

vendor: d link, model: dir-100, scope: -, version: -

Trust: 0.8

vendor: d link, model: dir-120, scope: -, version: -

Trust: 0.8

vendor: planex, model: brl-04cw, scope: -, version: -

Trust: 0.8

vendor: planex, model: brl-04r, scope: -, version: -

Trust: 0.8

vendor: planex, model: brl-04ur, scope: -, version: -

Trust: 0.8

vendor: d link, model: di-524, scope: -, version: -

Trust: 0.6

vendor: d link, model: dir-100, scope: eq, version: 1.13

Trust: 0.6

sources: CERT/CC: VU#248083 // CNVD: CNVD-2013-13777 // JVNDB: JVNDB-2013-004823 // CNNVD: CNNVD-201310-477 // NVD: CVE-2013-6026

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6026
value: HIGH

Trust: 1.0

NVD: CVE-2013-6026
value: HIGH

Trust: 0.8

CNVD: CNVD-2013-13777
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201310-477
value: CRITICAL

Trust: 0.6

VULHUB: VHN-66028
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-6026
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-13777
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-66028
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-13777 // VULHUB: VHN-66028 // JVNDB: JVNDB-2013-004823 // CNNVD: CNNVD-201310-477 // NVD: CVE-2013-6026

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-66028 // JVNDB: JVNDB-2013-004823 // NVD: CVE-2013-6026

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-477

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201310-477

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004823

PATCH

title: Update on Router Security issue, url: http://www.dlink.com/uk/en/support/security

Trust: 0.8

title: D-Link and Planex/ router Web Repair measures for interface security vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=234982

Trust: 0.6

sources: JVNDB: JVNDB-2013-004823 // CNNVD: CNNVD-201310-477

EXTERNAL IDS

db: NVD, id: CVE-2013-6026

Trust: 3.4

db: CERT/CC, id: VU#248083

Trust: 3.3

db: BID, id: 62990

Trust: 1.0

db: JVNDB, id: JVNDB-2013-004823

Trust: 0.8

db: CNNVD, id: CNNVD-201310-477

Trust: 0.7

db: CNVD, id: CNVD-2013-13777

Trust: 0.6

db: SEEBUG, id: SSVID-62565

Trust: 0.1

db: VULHUB, id: VHN-66028

Trust: 0.1

sources: CERT/CC: VU#248083 // CNVD: CNVD-2013-13777 // VULHUB: VHN-66028 // BID: 62990 // JVNDB: JVNDB-2013-004823 // CNNVD: CNNVD-201310-477 // NVD: CVE-2013-6026

REFERENCES

url:http://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/

Trust: 3.1

url:http://www.kb.cert.org/vuls/id/248083

Trust: 2.5

url:http://www.dlink.com/uk/en/support/security

Trust: 1.7

url:http://www.theregister.co.uk/2013/10/13/dlink_routers_have_admin_backdoor/

Trust: 0.8

url:http://www.dlink.com/uk/en/support/security

Trust: 0.8

url:http://blog.erratasec.com/2013/10/that-dlink-bug-masscan.html

Trust: 0.8

url:http://pastebin.com/vbig42vd

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6026

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6026

Trust: 0.8

url:http://www.solidot.org/story?sid=36791

Trust: 0.6

url:http://www.dlink.com/

Trust: 0.3

sources: CERT/CC: VU#248083 // CNVD: CNVD-2013-13777 // VULHUB: VHN-66028 // BID: 62990 // JVNDB: JVNDB-2013-004823 // CNNVD: CNNVD-201310-477 // NVD: CVE-2013-6026

CREDITS

Craig Heffner and /dev/ttyS0

Trust: 0.3

sources: BID: 62990

SOURCES

db: CERT/CC, id: VU#248083
db: CNVD, id: CNVD-2013-13777
db: VULHUB, id: VHN-66028
db: BID, id: 62990
db: JVNDB, id: JVNDB-2013-004823
db: CNNVD, id: CNNVD-201310-477
db: NVD, id: CVE-2013-6026

LAST UPDATE DATE

2024-11-23T22:18:43.896000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#248083, date: 2014-07-29T00:00:00
db: CNVD, id: CNVD-2013-13777, date: 2020-03-10T00:00:00
db: VULHUB, id: VHN-66028, date: 2013-10-21T00:00:00
db: BID, id: 62990, date: 2013-12-10T00:56:00
db: JVNDB, id: JVNDB-2013-004823, date: 2013-10-22T00:00:00
db: CNNVD, id: CNNVD-201310-477, date: 2023-04-27T00:00:00
db: NVD, id: CVE-2013-6026, date: 2024-11-21T01:58:38.767

SOURCES RELEASE DATE

db: CERT/CC, id: VU#248083, date: 2013-10-17T00:00:00
db: CNVD, id: CNVD-2013-13777, date: 2013-10-17T00:00:00
db: VULHUB, id: VHN-66028, date: 2013-10-19T00:00:00
db: BID, id: 62990, date: 2013-10-12T00:00:00
db: JVNDB, id: JVNDB-2013-004823, date: 2013-10-22T00:00:00
db: CNNVD, id: CNNVD-201310-477, date: 2013-10-21T00:00:00
db: NVD, id: CVE-2013-6026, date: 2013-10-19T10:36:08.963