← Zuruck zu CVEs
CVE-2014-100005
HIGHCISA KEV8.0
Beschreibung
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php.
CVE Details
CVSS v3.1 Bewertung8.0
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorADJACENT_NETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht1/13/2015
Zuletzt geandert4/22/2026
Quellekev
Honeypot-Sichtungen0
CISA KEV
HerstellerD-Link
ProduktDIR-600 Router
SchwachstellennameD-Link DIR-600 Router Cross-Site Request Forgery (CSRF) Vulnerability
KEV Aufnahmedatum2024-05-16
Behebungsfrist2024-06-06
Ransomware-NutzungUnknown
Betroffene Produkte
dlink:dir-600dlink:dir-600_firmware
Schwachen (CWE)
CWE-352CWE-352
Referenzen
http://secunia.com/advisories/57304(cve@mitre.org)
https://exchange.xforce.ibmcloud.com/vulnerabilities/91794(cve@mitre.org)
http://resources.infosecinstitute.com/csrf-unauthorized-remote-admin-access/(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/57304(af854a3a-2127-422b-91ae-364da2661108)
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10018(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/91794(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-100005(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.