Details of VAR-E-201403-0523

ID

VAR-E-201403-0523

TITLE

D-Link DIR-615 Cross Site Request Forgery Vulnerability

Trust: 0.3

sources: BID: 66282

DESCRIPTION

D-Link DIR-615 is prone to a cross-site request-forgery vulnerability.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks.
D-Link DIR-615 Rev. H1 running firmware version 8.0A and lower are vulnerable.

Trust: 0.3

sources: BID: 66282

AFFECTED PRODUCTS

vendor:	d link	model:	dir-615 8.0a	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	dir-615 8.05b06	scope:	ne	version:	-	Trust: 0.3

sources: BID: 66282

EXPLOIT

To exploit this issue, an attacker must entice an unsuspecting victim to follow a malicious URI or visit a malicious website.

Trust: 0.3

sources: BID: 66282

PRICE

Free

Trust: 0.3

sources: BID: 66282

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 66282

CREDITS

Charlie Eriksen

Trust: 0.3

sources: BID: 66282

EXTERNAL IDS

db:	DLINK	id:	SAP10020	Trust: 0.3
db:	BID	id:	66282	Trust: 0.3

sources: BID: 66282

REFERENCES

url:	http://securityadvisories.dlink.com/security/publication.aspx?name=sap10020	Trust: 0.3
url:	http://www.dlink.com/	Trust: 0.3
url:	http://ceriksen.com/2012/09/29/two-stage-csrf-attacks/	Trust: 0.3

sources: BID: 66282

SOURCES

db:

BID

id:

66282

LAST UPDATE DATE

2022-07-27T09:45:08.655000+00:00

SOURCES UPDATE DATE

db:

BID

id:

66282

date:

2014-03-17T00:00:00

SOURCES RELEASE DATE

db:

BID

id:

66282

date:

2014-03-17T00:00:00