Vulnerability Details CVE-2020-9277
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. Authentication can be bypassed when accessing cgi modules. This allows one to perform administrative tasks (e.g., modify the admin password) with no authentication.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.013
EPSS Ranking 78.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://raelize.com/advisories/CVE-2020-9277_D-Link-DSL-2640B_CGI-Authentication-bypass_v1.0.txt
- https://raelize.com/posts/d-link-dsl-2640b-security-advisories/
- https://www.dlink.com/en/security-bulletin
- https://raelize.com/advisories/CVE-2020-9277_D-Link-DSL-2640B_CGI-Authentication-bypass_v1.0.txt
- https://raelize.com/posts/d-link-dsl-2640b-security-advisories/
- https://www.dlink.com/en/security-bulletin
Products affected by CVE-2020-9277
-
cpe:2.3:h:dlink:dsl-2640b:-
-
cpe:2.3:o:dlink:dsl-2640b_firmware:eu_4.01b