cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-9277,https://securityvulnerability.io/vulnerability/CVE-2020-9277,Authentication Bypass Vulnerability in D-Link DSL-2640B by D-Link,"A vulnerability has been identified in D-Link DSL-2640B B2 EU_4.01B devices that allows an attacker to bypass authentication when accessing various cgi modules. This significant security flaw enables unauthorized users to perform administrative tasks such as changing the admin password without the need for proper authentication. These exploits can compromise the integrity and security of the device, potentially leading to larger network security issues.",D-Link,Dsl-2640b Firmware,9.8,CRITICAL,0.006180000025779009,false,,false,false,false,,,false,false,,2020-04-20T23:15:00.000Z,0
CVE-2020-9275,https://securityvulnerability.io/vulnerability/CVE-2020-9275,Remote Credentials Exfiltration Vulnerability in D-Link DSL-2640B Devices,A vulnerability exists in D-Link DSL-2640B B2 EU_4.01B devices due to a cfm UDP service operational on port 65002. This flaw allows remote attackers to exploit the service and gain unauthorized access to administrative credentials without requiring any authentication. Immediate action is recommended for users to protect their network and devices from potential exploitation.,D-Link,Dsl-2640b Firmware,9.8,CRITICAL,0.00761000020429492,false,,false,false,false,,,false,false,,2020-04-20T23:15:00.000Z,0
CVE-2020-9276,https://securityvulnerability.io/vulnerability/CVE-2020-9276,Stack-based Buffer Overflow in D-Link DSL-2640B Devices,"A vulnerability was found in D-Link DSL-2640B B2 EU_4.01B devices, specifically in the function do_cgi() which handles CGI requests on the device's web server. This flaw can be exploited remotely by an attacker, allowing for unauthorized access that can result in a stack-based buffer overflow. Combining this vulnerability with another identified issue (CVE-2020-9277) can further facilitate the exploitation process, posing significant risks to network security.",D-Link,Dsl-2640b Firmware,8.8,HIGH,0.006479999981820583,false,,false,false,false,,,false,false,,2020-04-20T23:15:00.000Z,0
CVE-2020-9278,https://securityvulnerability.io/vulnerability/CVE-2020-9278,Configuration Reset Vulnerability in D-Link DSL-2640B Devices,"A vulnerability exists in D-Link DSL-2640B B2 EU_4.01B devices that allows an unauthorized user to reset the device to its factory settings by simply accessing a specific unauthenticated URL. This flaw poses significant risks as it can lead to service disruption and potential reconfiguration of device settings, making it critical for users to apply the necessary security patches and restrict access to sensitive interfaces.",D-Link,Dsl-2640b Firmware,9.1,CRITICAL,0.0027000000700354576,false,,false,false,false,,,false,false,,2020-04-20T23:15:00.000Z,0
CVE-2020-9279,https://securityvulnerability.io/vulnerability/CVE-2020-9279,Hard-coded Privileged Account Vulnerability in D-Link DSL-2640B Devices,"A vulnerability exists in D-Link DSL-2640B B2 EU_4.01B devices due to a hard-coded account that grants high privileges for management access. This flaw allows an authenticated user to gain unauthorized control over critical settings and perform significant administrative functions, posing a serious risk to device security.",D-Link,Dsl-2640b Firmware,9.8,CRITICAL,0.005239999853074551,false,,false,false,false,,,false,false,,2020-04-20T23:15:00.000Z,0
CVE-2020-9544,https://securityvulnerability.io/vulnerability/CVE-2020-9544,Firmware Update Vulnerability in D-Link DSL-2640B Devices,"A vulnerability exists in the administrative interface of D-Link DSL-2640B E1 EU_1.01 devices, where insufficient authentication checks allow unauthorized users to submit firmware-update POST requests. This flaw enables attackers with access to the admin interface to install arbitrary firmware, potentially compromising the device's integrity and security. Proper authentication mechanisms should be enforced to mitigate this risk and ensure that only authorized personnel can execute firmware updates.",D-link,Dsl-2640b Firmware,7.5,HIGH,0.0013099999632686377,false,,false,false,false,,,false,false,,2020-03-05T14:57:01.000Z,0
CVE-2012-1308,https://securityvulnerability.io/vulnerability/CVE-2012-1308,,Cross-site request forgery (CSRF) vulnerability in redpass.cgi in D-Link DSL-2640B Firmware EU_4.00 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter.,D-Link,"Dsl-2640b Firmware,Dsl-2640b",,,0.16354000568389893,false,,false,false,false,,,false,false,,2012-10-08T18:00:00.000Z,0