← Back

CVE-2013-6026

nvd nist
Published: Oct 19, 2013Modified: Apr 29, 2026

JSON object

Loading...
10.0
Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
Exploitability: 10.0 / Impact: 10.0
Source: NVD

Description

The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to bypass authentication and modify settings via an xmlset_roodkcableoj28840ybtide User-Agent HTTP header, as exploited in the wild in October 2013.

Affected (13)

Dlink
8 products
Di 524up
Di 604+
Di 604s
Di 604up
Di 624s
Dir 100
Dir 120
Tm G5240
Alphanetworks
2 products
Vdsl Asl 55052
Vdsl Asl 56552
Planex
3 products
Brl 04cw
Brl 04r
Brl 04ur
Configuration A
8 vulnerable
Vulnerable SoftwareAffected Versions
Di 524up
All versions
Di 604+
All versions
Di 604s
All versions
Di 604up
All versions
Di 624s
All versions
Dir 100
All versions
Dir 120
All versions
Tm G5240
All versions
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Vdsl Asl 55052
All versions
Vdsl Asl 56552
All versions
Configuration C
3 vulnerable
Vulnerable SoftwareAffected Versions
Brl 04cw
All versions
Brl 04r
All versions
Brl 04ur
All versions

Related CWEs

CWE-264
CWE-264

References (6)

Source: cret@cert.org
Exploit
Source: cret@cert.org
Source: cret@cert.org
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource

Timeline

No history available yet.