Exploitation Summary
CVE-2013-6026 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io).
Description
The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to bypass authentication and modify settings via an xmlset_roodkcableoj28840ybtide User-Agent HTTP header, as exploited in the wild in October 2013.
References (3)
Core 3
Core References
Exploit x_refsource_misc
http://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/
Various Sources x_refsource_confirm
http://www.dlink.com/uk/en/support/security
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/248083
Scores
EPSS
0.1141
EPSS Percentile
93.7%
Details
VulnCheck KEV
2013-10-19
InTheWild.io
2013-10-21
CWE
CWE-264
Status
published
Products (13)
alphanetworks/vdsl_asl-55052
alphanetworks/vdsl_asl-56552
dlink/di-524up
dlink/di-604\+
dlink/di-604s
dlink/di-604up
dlink/di-624s
dlink/dir-100
dlink/dir-120
dlink/tm-g5240
... and 3 more
Published
Oct 19, 2013
Tracked Since
Feb 18, 2026