ID
VAR-201012-0369
TITLE
D-Link WBR-1310 'tools_admin.cgi' CGI Verification Bypass Vulnerability
Trust: 0.6
DESCRIPTION
The D-Link WBR-1310 is a wireless router. The WBR-1310 CGI script does not validate the authentication credentials, and sending a specially crafted HTTP request to the CGI script bypasses the validation change management settings. D-Link WBR-1310 is prone to an authentication-bypass vulnerability. Attackers can exploit this issue to bypass authentication, change the administrative password and gain administrative control of the affected device. D-Link WBR-1310 with firmware version 2.00 is vulnerable; other versions may also be affected
Trust: 0.81
IOT TAXONOMY
| category: | ['IoT', 'Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | d link | model: | wbr-1310 | scope: | eq | version: | 2.00 | Trust: 0.9 |
| vendor: | d link | model: | wbr-1310 | scope: | ne | version: | 4.13 | Trust: 0.3 |
THREAT TYPE
network
Trust: 0.3
TYPE
Access Validation Error
Trust: 0.3
PATCH
| title: | D-Link WBR-1310 'tools_admin.cgi' CGI verification patch that bypasses the vulnerability | url: | https://www.cnvd.org.cn/patchinfo/show/2403 | Trust: 0.6 |
EXTERNAL IDS
| db: | BID | id: | 45554 | Trust: 0.9 |
| db: | CNVD | id: | CNVD-2010-3363 | Trust: 0.6 |
REFERENCES
| url: | http://www.devttys0.com/wp-content/uploads/2010/12/wbr310_auth_bypass.pdf | Trust: 0.9 |
| url: | http://www.dlink.com/products/?pid=474 | Trust: 0.3 |
CREDITS
Craig Heffner
Trust: 0.3
SOURCES
| db: | CNVD | id: | CNVD-2010-3363 |
| db: | BID | id: | 45554 |
LAST UPDATE DATE
2022-05-17T01:51:47.556000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2010-3363 | date: | 2010-12-24T00:00:00 |
| db: | BID | id: | 45554 | date: | 2010-12-23T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2010-3363 | date: | 2010-12-24T00:00:00 |
| db: | BID | id: | 45554 | date: | 2010-12-23T00:00:00 |