Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php.
History

Tue, 13 Aug 2024 19:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.0, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2015-01-13T11:00:00

Updated: 2024-08-06T14:10:55.911Z

Reserved: 2015-01-13T00:00:00

Link: CVE-2014-100005

cve-icon Vulnrichment

Updated: 2024-08-06T14:10:55.911Z

cve-icon NVD

Status : Analyzed

Published: 2015-01-13T11:59:04.477

Modified: 2024-12-20T03:42:23.633

Link: CVE-2014-100005

cve-icon Redhat

No data.