Details of VAR-201402-0539

ID

VAR-201402-0539

TITLE

D-Link DIR-615 Wireless N300 Routing Cross-Site Request Forgery Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2014-01168

DESCRIPTION

D-Link DIR-615 The Wireless N300 has cross-site request forgery, allowing remote attackers to build malicious URIs, entice users to resolve, and perform malicious operations, such as operating device data, in the context of the target user. D-Link DIR-615 Wireless N300 is a wireless router product from D-Link. A cross-site request forgery vulnerability exists in the D-Link DIR-615 Wireless N300 router running firmware version 5.10. A remote attacker could use this vulnerability to perform unauthorized operations. D-Link DIR-615 is prone to a cross-site request-forgery vulnerability. This may lead to further attacks

Trust: 1.35

sources: CNVD: CNVD-2014-01168 // CNNVD: CNNVD-201402-285 // BID: 65680

IOT TAXONOMY

category:

['IoT', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-01168

AFFECTED PRODUCTS

vendor:

d link

model:

dir-615

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2014-01168

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2014-01168
value:	LOW
Trust: 0.6

CNVD:	CNVD-2014-01168
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2014-01168

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201402-285

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201402-285

EXTERNAL IDS

db:	BID	id:	65680	Trust: 1.5
db:	EXPLOIT-DB	id:	31764	Trust: 0.6
db:	CNVD	id:	CNVD-2014-01168	Trust: 0.6
db:	CNNVD	id:	CNNVD-201402-285	Trust: 0.6

sources: CNVD: CNVD-2014-01168 // BID: 65680 // CNNVD: CNNVD-201402-285

REFERENCES

url:	http://www.exploit-db.com/exploits/31764/	Trust: 0.6
url:	http://www.securityfocus.com/bid/65680	Trust: 0.6
url:	http://www.dlink.com/	Trust: 0.3

sources: CNVD: CNVD-2014-01168 // BID: 65680 // CNNVD: CNNVD-201402-285

CREDITS

Dhruv Shah

Trust: 0.9

sources: BID: 65680 // CNNVD: CNNVD-201402-285

SOURCES

db:	CNVD	id:	CNVD-2014-01168
db:	BID	id:	65680
db:	CNNVD	id:	CNNVD-201402-285

LAST UPDATE DATE

2022-05-17T01:46:34.334000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-01168	date:	2014-02-25T00:00:00
db:	BID	id:	65680	date:	2014-03-21T01:44:00
db:	CNNVD	id:	CNNVD-201402-285	date:	2014-02-21T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-01168	date:	2014-02-24T00:00:00
db:	BID	id:	65680	date:	2014-02-20T00:00:00
db:	CNNVD	id:	CNNVD-201402-285	date:	2014-02-21T00:00:00