8.8
CVE-2014-100005
- EPSS 35.43%
- Veröffentlicht 13.01.2015 11:59:04
- Zuletzt bearbeitet 12.04.2025 10:46:40
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Dlink ≫ Dir-600 Firmware Version <= 2.16ww
16.05.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog
D-Link DIR-600 Router Cross-Site Request Forgery (CSRF) Vulnerability
SchwachstelleD-Link DIR-600 routers contain a cross-site request forgery (CSRF) vulnerability that allows an attacker to change router configurations by hijacking an existing administrator session.
BeschreibungThis vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS) life cycle and should be retired and replaced per vendor instructions.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 35.43% | 0.969 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8 | 2.1 | 5.9 |
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.