Sign-up

ID

VAR-201402-0555


TITLE

D-Link DSL-2750B Cross-Site Request Forgery Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2014-00944 // CNNVD: CNNVD-201402-161

DESCRIPTION

The D-Link DSL-2750B is an ADSL router. The D-Link DSL-2750B has a cross-site request forgery vulnerability that allows remote attackers to build malicious URIs, entice users to resolve, and perform malicious actions in the target user context. D-Link DSL-2750B is a Model router product of D-Link. A cross-site request forgery vulnerability exists in D-Link DSL-2750B running EU_2.02 firmware. An attacker could use this vulnerability to perform unauthorized operations. D-Link DSL-2750B is prone to a cross-site request-forgery vulnerability. This may lead to further attacks. D-Link DSL-2750B running firmware version EU_2.02 is vulnerable; other versions may also be affected

Trust: 1.35

sources: CNVD: CNVD-2014-00944 // CNNVD: CNNVD-201402-161 // BID: 65496

IOT TAXONOMY

category:['IoT', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-00944

AFFECTED PRODUCTS

vendor:d linkmodel:dsl-2750b adsl routerscope: - version: -

Trust: 0.6

vendor:dlinkmodel:dsl-2750b eu 2.02scope: - version: -

Trust: 0.3

sources: CNVD: CNVD-2014-00944 // BID: 65496

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2014-00944
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2014-00944
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2014-00944

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201402-161

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201402-161

EXTERNAL IDS

db:BIDid:65496

Trust: 1.5

db:EXPLOIT-DBid:31569

Trust: 0.6

db:CNVDid:CNVD-2014-00944

Trust: 0.6

db:CNNVDid:CNNVD-201402-161

Trust: 0.6

sources: CNVD: CNVD-2014-00944 // BID: 65496 // CNNVD: CNNVD-201402-161

REFERENCES

url:http://www.exploit-db.com/exploits/31569/

Trust: 0.6

url:http://www.securityfocus.com/bid/65496

Trust: 0.6

url:http://www.dlink.com/

Trust: 0.3

url:http://www.dlink.com/us/en/home-solutions/connect/modems-and-gateways/dsl-2750b-wireless-n-adsl2-plus-modem-router

Trust: 0.3

sources: CNVD: CNVD-2014-00944 // BID: 65496 // CNNVD: CNNVD-201402-161

CREDITS

killall-9

Trust: 0.9

sources: BID: 65496 // CNNVD: CNNVD-201402-161

SOURCES

db:CNVDid:CNVD-2014-00944
db:BIDid:65496
db:CNNVDid:CNNVD-201402-161

LAST UPDATE DATE

2022-05-17T01:41:21.522000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2014-00944date:2014-02-14T00:00:00
db:BIDid:65496date:2014-02-11T00:00:00
db:CNNVDid:CNNVD-201402-161date:2014-02-17T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2014-00944date:2014-02-17T00:00:00
db:BIDid:65496date:2014-02-11T00:00:00
db:CNNVDid:CNNVD-201402-161date:2014-02-17T00:00:00