CVE-2014-100005
HIGH, CISA KEV, 8.0
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php.
CVE Details
CVSS v3.1 score: 8.0
Severity: HIGH
CVSS vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack vector: ADJACENT_NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 1/13/2015
Last modified: 4/22/2026
Source: kev
Honeypot observations: 0
CISA KEV
Vendor: D-Link
Product: DIR-600 Router
Vulnerability name: D-Link DIR-600 Router Cross-Site Request Forgery (CSRF) Vulnerability
Date added to KEV: 2024-05-16
Remediation due date: 2024-06-06
Used in ransomware: Unknown
Affected products
dlink:dir-600, dlink:dir-600_firmware
Weaknesses (CWE)
CWE-352
References
http://secunia.com/advisories/57304 (cve@mitre.org)
https://exchange.xforce.ibmcloud.com/vulnerabilities/91794 (cve@mitre.org)
http://resources.infosecinstitute.com/csrf-unauthorized-remote-admin-access/ (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/57304 (af854a3a-2127-422b-91ae-364da2661108)
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10018 (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/91794 (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-100005 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.