Vulnerabilities (CVE)

Filtered by vendor Dlink Subscribe

Filtered by product Dsl-2640b Firmware

Total 6 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2012-1308	1 Dlink	2 Dsl-2640b, Dsl-2640b Firmware	2024-11-21	6.8 MEDIUM	N/A
Cross-site request forgery (CSRF) vulnerability in redpass.cgi in D-Link DSL-2640B Firmware EU_4.00 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter.
CVE-2020-9275	1 Dlink	2 Dsl-2640b, Dsl-2640b Firmware	2024-02-28	5.0 MEDIUM	9.8 CRITICAL
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A cfm UDP service listening on port 65002 allows remote, unauthenticated exfiltration of administrative credentials.
CVE-2020-9277	1 Dlink	2 Dsl-2640b, Dsl-2640b Firmware	2024-02-28	7.5 HIGH	9.8 CRITICAL
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. Authentication can be bypassed when accessing cgi modules. This allows one to perform administrative tasks (e.g., modify the admin password) with no authentication.
CVE-2020-9276	1 Dlink	2 Dsl-2640b, Dsl-2640b Firmware	2024-02-28	9.0 HIGH	8.8 HIGH
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The function do_cgi(), which processes cgi requests supplied to the device's web servers, is vulnerable to a remotely exploitable stack-based buffer overflow. Unauthenticated exploitation is possible by combining this vulnerability with CVE-2020-9277.
CVE-2020-9278	1 Dlink	2 Dsl-2640b, Dsl-2640b Firmware	2024-02-28	6.4 MEDIUM	9.1 CRITICAL
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The device can be reset to its default configuration by accessing an unauthenticated URL.
CVE-2020-9279	1 Dlink	2 Dsl-2640b, Dsl-2640b Firmware	2024-02-28	10.0 HIGH	9.8 CRITICAL
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A hard-coded account allows management-interface login with high privileges. The logged-in user can perform critical tasks and take full control of the device.