Published: 19/10/2013 Updated: 21/10/2013

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 891

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote malicious users to bypass authentication and modify settings via an xmlset_roodkcableoj28840ybtide User-Agent HTTP header, as exploited in the wild in October 2013.

Vulnerable Product	Search on Vulmon	Subscribe to Product
d-link dir-100 -
d-link dir-120 -
d-link di-624s -
d-link di-604s -
d-link di-604\\+ -
d-link tm-g5240 -
d-link di-524up -
d-link di-604up -
alphanetworks vdsl asl-56552 -
alphanetworks vdsl asl-55052 -
planex brl-04ur -
planex brl-04r -
planex brl-04cw -

This is a simple PHP script that checks to see if your D-Link device is vulnerable to the User-Agent backdoor ...

BAMF (Backdoor Access Machine Farmer)

BAMF (Backdoor Access Machine Farmer) DISCLAIMER: This project should be used for authorized testing and educational purposes only BAMF is an open-source tool designed to leverage Shodan (a search engine for the Internet of Things) to discover vulnerable routers, then utilize detected backdoors/vulnerabilities to remotely access the router administration panel and modify the

CWE-264 http://www.kb.cert.org/vuls/id/248083 http://www.dlink.com/uk/en/support/security http://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/https://github.com/malwaredllc/bamf https://nvd.nist.gov https://www.kb.cert.org/vuls/id/248083

CVE-2013-6026

Vulnerability Summary

Most Upvoted Vulmon Research Post

Vulnerability Trend

Mailing Lists

Github Repositories

References

Vulmon Search

About

Products

Connect