CVE-2014-100005
HIGH | CISA KEV | 8.0
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php.
CVE details
CVSS v3.1 score: 8.0
Severity: HIGH
CVSS vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack vector: ADJACENT_NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 1/13/2015
Last modified: 4/22/2026
Source: kev
Honeypot sightings: 0
CISA KEV
Vendor: D-Link
Product: DIR-600 Router
Vulnerability name: D-Link DIR-600 Router Cross-Site Request Forgery (CSRF) Vulnerability
Date added to KEV: 2024-05-16
Remediation due date: 2024-06-06
Use in ransomware: Unknown
Affected products
dlink:dir-600
dlink:dir-600_firmware
Weaknesses (CWE)
CWE-352
References
http://secunia.com/advisories/57304 (cve@mitre.org)
https://exchange.xforce.ibmcloud.com/vulnerabilities/91794 (cve@mitre.org)
http://resources.infosecinstitute.com/csrf-unauthorized-remote-admin-access/ (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/57304 (af854a3a-2127-422b-91ae-364da2661108)
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10018 (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/91794 (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-100005 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.