Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2013-6026

Published: 19/10/2013 Updated: 26/04/2023
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 891
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Dlink

Vulnerability Summary

The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote malicious users to bypass authentication and modify settings via an xmlset_roodkcableoj28840ybtide User-Agent HTTP header, as exploited in the wild in October 2013.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

dlink di-604s -

dlink tm-g5240 -

dlink di-524up -

dlink di-604up -

dlink di-624s -

dlink di-604\\+ -

dlink dir-120 -

dlink dir-100 -

alphanetworks vdsl asl-55052 -

alphanetworks vdsl asl-56552 -

planex brl-04r -

planex brl-04cw -

planex brl-04ur -

Exploits

Exploit DB: D-Link Backdoor Czechr
This is a simple PHP script that checks to see if your D-Link device is vulnerable to the User-Agent backdoor ...

Github Repositories

https://github.com/malwaredllc/bamf

A tool which utilizes Shodan to detect vulnerable IoT devices.

BAMF DISCLAIMER: This project should be used for authorized testing and educational purposes only BAMF is an open-source tool designed to leverage Shodan (a search engine for the Internet of Things) to discover routers vulnerable to CVE-2013-6026, commonly known as Joel's Backdoor, a severe vulnerability allowing unauthenticated access to the administration panel of man

https://github.com/Soldie/bamf-SHODAN.IO

BAMF (Backdoor Access Machine Farmer) DISCLAIMER: This project should be used for authorized testing and educational purposes only BAMF is an open-source tool designed to leverage Shodan (a search engine for the Internet of Things) to discover vulnerable routers, then utilize detected backdoors/vulnerabilities to remotely access the router administration panel and modify the

References

CWE-264http://www.kb.cert.org/vuls/id/248083http://www.dlink.com/uk/en/support/securityhttp://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/https://nvd.nist.govhttps://github.com/malwaredllc/bamfhttps://packetstormsecurity.com/files/123848/D-Link-Backdoor-Czechr.htmlhttps://www.kb.cert.org/vuls/id/248083
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38298CVE-2024-20356CVE-2023-21987CVE-2024-33217bypassCVE-2024-31804CVE-2024-32660unauthorizedSSRF
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook