Vulnerability Details CVE-2013-6026
The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to bypass authentication and modify settings via an xmlset_roodkcableoj28840ybtide User-Agent HTTP header, as exploited in the wild in October 2013.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.137
EPSS Ranking 93.9%
CVSS Severity
CVSS v2 Score 10.0
Products affected by CVE-2013-6026
-
cpe:2.3:h:alphanetworks:vdsl_asl-55052:-
-
cpe:2.3:h:alphanetworks:vdsl_asl-56552:-
-
cpe:2.3:h:dlink:di-524up:-
-
cpe:2.3:h:dlink:di-604+:-
-
cpe:2.3:h:dlink:di-604s:-
-
cpe:2.3:h:dlink:di-604up:-
-
cpe:2.3:h:dlink:di-624s:-
-
cpe:2.3:h:dlink:dir-100:-
-
cpe:2.3:h:dlink:dir-120:-
-
cpe:2.3:h:dlink:tm-g5240:-
-
cpe:2.3:h:planex:brl-04cw:-
-
cpe:2.3:h:planex:brl-04r:-
-
cpe:2.3:h:planex:brl-04ur:-