VDB
CVE-2013-6026
CVE-2013-6026
PUBLISHED
CVSS 10 CRITICAL
The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to bypass authentication and modify settings via an xmlset_roodkcableoj28840ybtide User-Agent HTTP header, as exploited in the wild in October 2013.
EPSS 11.41% · 93.7th percentile
Risk Scores
CVSS 2.0
10
EPSS Score
11.41%
93.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| dlink | di-524up | |
| n/a | n/a | n/a |
| dlink | di-604up | |
| planex | brl-04cw | |
| alphanetworks | vdsl_asl-55052 | |
| dlink | di-604\+ | |
| alphanetworks | vdsl_asl-56552 | |
| dlink | dir-100 | |
| dlink | tm-g5240 | |
| dlink | di-624s | |
| planex | brl-04ur | |
| dlink | di-604s | |
| planex | brl-04r | |
| dlink | dir-120 |
Timeline
- Oct 12, 2013 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- Apr 27, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
- Sep 7, 2023 EPSS Score
- Oct 18, 2023 EPSS Score