D-Link DSL-2640B Security Vulnerabilities

6 Vulnerabilities
Description

An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A cfm UDP service listening on port 65002 allows remote, unauthenticated exfiltration of administrative credentials.

Impacted versions: -

Base Score: 0.0, Severity: NA, ID: CVE-2020-9275, Last Modified: 2020-04-20T23:15:00Z

References: Advisory

An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The function do_cgi(), which processes cgi requests supplied to the device's web servers, is vulnerable to a remotely exploitable stack-based buffer overflow. Unauthenticated exploitation is possible by combining this vulnerability with CVE-2020-9277.

Impacted versions: -

Base Score: 0.0, Severity: NA, ID: CVE-2020-9276, Last Modified: 2020-04-20T23:15:00Z

References: Advisory

An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A hard-coded account allows management-interface login with high privileges. The logged-in user can perform critical tasks and take full control of the device.

Impacted versions: -

Base Score: 0.0, Severity: NA, ID: CVE-2020-9279, Last Modified: 2020-04-20T23:15:00Z

References: Advisory

An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The device can be reset to its default configuration by accessing an unauthenticated URL.

Impacted versions: -

Base Score: 0.0, Severity: NA, ID: CVE-2020-9278, Last Modified: 2020-04-20T23:15:00Z

References: Advisory

An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. Authentication can be bypassed when accessing cgi modules. This allows one to perform administrative tasks (e.g., modify the admin password) with no authentication.

Impacted versions: -

Base Score: 0.0, Severity: NA, ID: CVE-2020-9277, Last Modified: 2020-04-20T23:15:00Z

References: Advisory

An issue was discovered on D-Link DSL-2640B E1 EU_1.01 devices. The administrative interface does not perform authentication checks for a firmware-update POST request. Any attacker that can access the administrative interface can install firmware of their choice.

Impacted versions: -

Base Score: 0.0, Severity: NA, ID: CVE-2020-9544, Last Modified: 2020-03-05T15:42:00Z

References: Advisory
