CVE-2014-100005

HIGHCVSS 8.0

8.0

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php.

🔗 References (9)

cve@mitrehttp://resources.infosecinstitute.com/csrf-unauthorized-remote-admin-access/
cve@mitrehttp://secunia.com/advisories/57304
cve@mitrehttp://securityadvisories.dlink.com/security/publication.aspx?name=SAP10018
cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/91794
af854a3a-2127-422b-91ae-364da2661108http://resources.infosecinstitute.com/csrf-unauthorized-remote-admin-access/
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/57304
af854a3a-2127-422b-91ae-364da2661108http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10018
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/91794
134c704f-9b21-4f2e-91b3-4a467353bcc0https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-100005

Is Your Infrastructure Affected by CVE-2014-100005?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2014-100005

📅 Published

🔄 Last Modified

🔗 References (9)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2014-100005?