TROYANOSYVIRUS

CVE-2014-100005

HIGH | CISA KEV | 8.0

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php.

CVE Details

CVSS v3.1 score: 8.0
Severity: HIGH
CVSS vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack vector: ADJACENT_NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 1/13/2015
Last modified: 4/22/2026
Source: kev
Honeypot sightings: 0

CISA KEV

Vendor: D-Link
Product: DIR-600 Router
Vulnerability name: D-Link DIR-600 Router Cross-Site Request Forgery (CSRF) Vulnerability
Date added to KEV: 2024-05-16
Remediation due date: 2024-06-06
Ransomware use: Unknown

Affected products

dlink:dir-600
dlink:dir-600_firmware

Weaknesses (CWE)

CWE-352

IOC correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.