Detections
Analytics

alpha_auth_check() Function Remote Authentication Bypass

critical Nessus Plugin ID 70447

Language:

Synopsis

The remote web server is affected by an authentication bypass vulnerability.

Description

The remote web server is affected by an authentication bypass vulnerability due to a flaw in the 'alpha_auth_check()' function. A remote, unauthenticated attacker can exploit this issue by sending a request with the user agent string set to 'xmlset_roodkcableoj28840ybtide'. This could allow the attacker to bypass authentication and gain access to the device using a vendor-supplied backdoor.

Note that several D-Link and Planex model routers are reportedly affected by this issue.

Solution

If the affected router is a DIR-100, DIR-120, DI-524, DI-524UP, DI-604UP, DI-604+, DI-624S, or TM-G5240, apply the appropriate firmware update. Otherwise, contact the vendor or replace the router.

See Also

http://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/

http://www.nessus.org/u?764b1d41

Plugin Details

Severity: Critical

ID: 70447

File Name: dlink_router_user_agent_auth_bypass.nasl

Version: 1.11

Type: remote

Family: CGI abuses

Published: 10/15/2013

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/h:d-link:router

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Vulnerability Publication Date: 10/12/2013

Reference Information

CVE: CVE-2013-6026

BID: 62990

CERT: 248083