CVE-2014-100005
HIGH | CISA KEV | 8.0
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php.
CVE Details
CVSS v3.1 Score: 8.0
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: ADJACENT_NETWORK
Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Published: 1/13/2015
Last Modified: 4/22/2026
Source: kev
Honeypot Sightings: 0
CISA KEV
Vendor: D-Link
Product: DIR-600 Router
Vulnerability Name: D-Link DIR-600 Router Cross-Site Request Forgery (CSRF) Vulnerability
KEV Date Added: 2024-05-16
Remediation Due Date: 2024-06-06
Ransomware Use: Unknown
Affected Products
dlink:dir-600
dlink:dir-600_firmware
Weaknesses (CWE)
CWE-352
References
http://secunia.com/advisories/57304 (cve@mitre.org)
https://exchange.xforce.ibmcloud.com/vulnerabilities/91794 (cve@mitre.org)
http://resources.infosecinstitute.com/csrf-unauthorized-remote-admin-access/ (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/57304 (af854a3a-2127-422b-91ae-364da2661108)
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10018 (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/91794 (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-100005 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.