This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects attempts to exploit a remote authentication bypass vulnerability in D-Link products.
Multiple vendors are prone to a remote authentication-bypass vulnerability because the application fails to properly validate session cookie. Specifically, this issue affects the 'alpha_auth_check()' function and is triggered when the user agent string is set to 'xmlset_roodkcableoj28840ybtide'.
An attacker can exploit this issue to bypass the authentication mechanism and gain access to the affected device. This may aid in further attacks.
The following are vulnerable:
PLANEX COMMUNICATIONS BRL-04UR
PLANEX COMMUNICATIONS BRL-04R
PLANEX COMMUNICATIONS BRL-04CW
- D-Link DIR-120
- D-Link DI-624S
- D-Link DI-524UP
- D-Link DI-604S
- D-Link DI-604UP
- D-Link DI-604
- D-Link DIR-100
- D-Link TM-G5240
- PLANEX COMMUNICATIONS BRL-04UR
- PLANEX COMMUNICATIONS BRL-04R
- PLANEX COMMUNICATIONS BRL-04CW