1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: Remote Authentication Bypass CVE-2013-6026

Web Attack: Remote Authentication Bypass CVE-2013-6026

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a remote authentication bypass vulnerability in D-Link products.

Additional Information

Multiple vendors are prone to a remote authentication-bypass vulnerability because the application fails to properly validate session cookie. Specifically, this issue affects the 'alpha_auth_check()' function and is triggered when the user agent string is set to 'xmlset_roodkcableoj28840ybtide'.

An attacker can exploit this issue to bypass the authentication mechanism and gain access to the affected device. This may aid in further attacks.

The following are vulnerable:

D-Link DIR-120
D-Link DI-624S
D-Link DI-524UP
D-Link DI-604S
D-Link DI-604UP
D-Link DI-604
D-Link DIR-100
D-Link TM-G5240
PLANEX COMMUNICATIONS BRL-04UR
PLANEX COMMUNICATIONS BRL-04R
PLANEX COMMUNICATIONS BRL-04CW

Affected

  • D-Link DIR-120
  • D-Link DI-624S
  • D-Link DI-524UP
  • D-Link DI-604S
  • D-Link DI-604UP
  • D-Link DI-604
  • D-Link DIR-100
  • D-Link TM-G5240
  • PLANEX COMMUNICATIONS BRL-04UR
  • PLANEX COMMUNICATIONS BRL-04R
  • PLANEX COMMUNICATIONS BRL-04CW
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube