Sign-up

ID

VAR-201403-0558


TITLE

D-Link DIR-600L '/goform/formSetPassword' Cross-Site Request Forgery Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2014-01933

DESCRIPTION

Dlink DIR-600L has a cross-site request forgery vulnerability that allows remote attackers to build malicious URIs, entice users to resolve, and perform malicious actions in the target user context. D-Link DIR-600L is a cloud router product of D-Link. A cross-site request forgery vulnerability exists in D-Link DIR-600L. A remote attacker could use this vulnerability to perform unauthorized operations. Vulnerabilities in D-Link DIR-600L version 5.10, other versions may also be affected. This may lead to further attacks

Trust: 1.35

sources: CNVD: CNVD-2014-01933 // CNNVD: CNNVD-201403-479 // BID: 66373

IOT TAXONOMY

category:['IoT', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-01933

AFFECTED PRODUCTS

vendor:d linkmodel:dir-600l revision a1scope:eqversion:1.0

Trust: 0.6

vendor:d linkmodel:dir-600l revision a1scope:eqversion:2.0

Trust: 0.6

vendor:dlinkmodel:dir-600lscope:eqversion:5.10

Trust: 0.3

sources: CNVD: CNVD-2014-01933 // BID: 66373

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2014-01933
value: LOW

Trust: 0.6

CNVD: CNVD-2014-01933
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2014-01933

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201403-479

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201403-479

EXTERNAL IDS

db:BIDid:66373

Trust: 1.5

db:EXPLOIT-DBid:32385

Trust: 0.6

db:CNVDid:CNVD-2014-01933

Trust: 0.6

db:CNNVDid:CNNVD-201403-479

Trust: 0.6

sources: CNVD: CNVD-2014-01933 // BID: 66373 // CNNVD: CNNVD-201403-479

REFERENCES

url:http://www.exploit-db.com/download/32385/

Trust: 0.6

url:http://www.securityfocus.com/bid/66373

Trust: 0.6

url:http://www.dlink.com/us/en/home-solutions/connect/routers/dir-600l-wireless-n-150-home-cloud-router

Trust: 0.3

sources: CNVD: CNVD-2014-01933 // BID: 66373 // CNNVD: CNNVD-201403-479

CREDITS

Dhruv Shah

Trust: 0.9

sources: BID: 66373 // CNNVD: CNNVD-201403-479

SOURCES

db:CNVDid:CNVD-2014-01933
db:BIDid:66373
db:CNNVDid:CNNVD-201403-479

LAST UPDATE DATE

2022-05-17T02:07:13.380000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2014-01933date:2014-03-26T00:00:00
db:BIDid:66373date:2014-03-20T00:00:00
db:CNNVDid:CNNVD-201403-479date:2014-03-27T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2014-01933date:2014-03-26T00:00:00
db:BIDid:66373date:2014-03-20T00:00:00
db:CNNVDid:CNNVD-201403-479date:2014-03-27T00:00:00