Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Dlink Subscribe
Filtered by product Dsl-2640b
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-9278 1 Dlink 2 Dsl-2640b, Dsl-2640b Firmware 2021-07-21 6.4 MEDIUM 9.1 CRITICAL
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The device can be reset to its default configuration by accessing an unauthenticated URL.
CVE-2020-9275 1 Dlink 2 Dsl-2640b, Dsl-2640b Firmware 2021-07-21 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A cfm UDP service listening on port 65002 allows remote, unauthenticated exfiltration of administrative credentials.
CVE-2020-9276 1 Dlink 2 Dsl-2640b, Dsl-2640b Firmware 2020-04-28 9.0 HIGH 8.8 HIGH
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The function do_cgi(), which processes cgi requests supplied to the device's web servers, is vulnerable to a remotely exploitable stack-based buffer overflow. Unauthenticated exploitation is possible by combining this vulnerability with CVE-2020-9277.
CVE-2020-9277 1 Dlink 2 Dsl-2640b, Dsl-2640b Firmware 2020-04-28 7.5 HIGH 9.8 CRITICAL
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. Authentication can be bypassed when accessing cgi modules. This allows one to perform administrative tasks (e.g., modify the admin password) with no authentication.
CVE-2020-9279 1 Dlink 2 Dsl-2640b, Dsl-2640b Firmware 2020-04-28 10.0 HIGH 9.8 CRITICAL
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A hard-coded account allows management-interface login with high privileges. The logged-in user can perform critical tasks and take full control of the device.
CVE-2012-1308 1 Dlink 2 Dsl-2640b, Dsl-2640b Firmware 2017-08-28 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in redpass.cgi in D-Link DSL-2640B Firmware EU_4.00 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter.