Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php.
Metrics
Affected Vendors & Products
References
History
Tue, 13 Aug 2024 19:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2015-01-13T11:00:00
Updated: 2024-08-06T14:10:55.911Z
Reserved: 2015-01-13T00:00:00
Link: CVE-2014-100005
Vulnrichment
Updated: 2024-08-06T14:10:55.911Z
NVD
Status : Analyzed
Published: 2015-01-13T11:59:04.477
Modified: 2024-12-20T03:42:23.633
Link: CVE-2014-100005
Redhat
No data.