6.8

CVE-2013-3095

Exploit
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR865L router (Rev. A1) with firmware before 1.05b07 allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrator password or (2) enable remote management via a request to hedwig.cgi or (3) activate configuration changes via a request to pigwidgeon.cgi.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DlinkDir865l Firmware Version <= 1.05
DlinkDir865l Firmware Version1.00b24
DlinkDir865l Firmware Version1.02
DlinkDir865l Firmware Version1.03
DlinkDir865l Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.24% 0.653
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

http://secunia.com/advisories/53064
Vendor Advisory
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10003
Vendor Advisory
http://securityevaluators.com/content/case-studies/routers/dlink_dir865l.jsp
Exploit