VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : 脆弱性脅威分析用情報の定型データ配信
[ about VRDA Feed | JPCERT/CC



 
分析対象脆弱性情報 (リビジョン番号 : 1) [ Download XML
CVE-2013-2271
dsl-2740b, dsl-2740b_firmware: The D-Link DSL-2740B Gateway with firmware EU_1.0, ...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2271

原文

The D-Link DSL-2740B Gateway with firmware EU_1.0, when an active administrator session exists, allows remote attackers to bypass authentication and gain administrator access via a request to login.cgi.

翻訳   (表示)





この情報について
分析情報提供元:
NIST NVD
初版公開日:
2013-11-19
分析対象脆弱性情報の分類:
アドバイザリ・注意喚起
最終更新日:
2013-11-19




脆弱性の影響を受ける製品の識別子
cpe/search/results;jsessionid=A788ACA9C953A1C9D203864120250185?searchChoice=name&amp;searchText=cpe%3A%2Fh%3Adlink%3Adsl-2740b%3A-&amp;includeDeprecated=true&amp;page_num=0&amp;cid=1" title="cpe:/h:dlink:dsl-2740b:-" id="j_id241:0:0:0:1:0:j_id248" target="_blank">cpe:/h:dlink:dsl-2740b:-</a>
cpe/search/results;jsessionid=A788ACA9C953A1C9D203864120250185?searchChoice=name&amp;searchText=cpe%3A%2Fo%3Adlink%3Adsl-2740b_firmware%3A-&amp;includeDeprecated=true&amp;page_num=0&amp;cid=1" title="cpe:/o:dlink:dsl-2740b_firmware:-" id="j_id241:0:0:0:0:0:j_id248" target="_blank">cpe:/o:dlink:dsl-2740b_firmware:-</a>
 


脆弱性の分析内容
[攻撃元区分]  [?]
未評価 [?]

ローカル [?]
隣接 [?]
X ネットワーク [?]

[攻撃条件の複雑さ]  [?]
未評価 [?]

 [?]
X [?]
 [?]

[攻撃前の認証要否]  [?]
未評価 [?]

複数 [?]
単一 [?]
X 不要 [?]

[機密性への影響]  [?]
未評価 [?]

影響なし [?]
X 部分的 [?]
全面的 [?]

[完全性への影響]  [?]
未評価 [?]

影響なし [?]
X 部分的 [?]
全面的 [?]

[可用性への影響]  [?]
未評価 [?]

影響なし [?]
X 部分的 [?]
全面的 [?]

関連情報




参考情報
CONFIRM http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10004




MISC http://www.webapp-security.com/wp-content/uploads/2013/03/D-Link-DSL-2740B-ADSL-Router-Authentication-Bypass2.txt




MISC http://www.webapp-security.com/2013/03/d-link-dsl-2740b-adsl-router-authentication-bypass




MISC http://packetstormsecurity.com/files/120613/dlinkdsl2740b-bypass.txt




Vulnerability Type Permissions, Privileges, and Access Control (CWE-264)





Copyright © 2013 JPCERT/CC All Rights Reserved.