Details of VAR-201403-0715

ID

VAR-201403-0715

TITLE

D-Link DIR-615 Cross-Site Request Forgery Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2014-01856 // CNNVD: CNNVD-201403-533

DESCRIPTION

The D-Link DIR-615 is a router device. D-Link DIR-615 has a cross-site request forgery vulnerability that allows remote attackers to build malicious URIs, entice users to resolve, and perform malicious actions in the target user context, such as changing device configuration. D-Link DIR-615 is a small wireless router product from D-Link. A cross-site request forgery vulnerability exists in D-Link DIR-615 routers running firmware versions prior to 8.0A. A remote attacker could use this vulnerability to perform unauthorized operations. D-Link DIR-615 is prone to a cross-site request-forgery vulnerability. This may lead to further attacks. D-Link DIR-615 Rev. H1 running firmware version 8.0A and lower are vulnerable

Trust: 1.35

sources: CNVD: CNVD-2014-01856 // CNNVD: CNNVD-201403-533 // BID: 66282

IOT TAXONOMY

category:

['IoT', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-01856

AFFECTED PRODUCTS

vendor:	d link	model:	dir-615	scope:	-	version:	-	Trust: 0.6
vendor:	d link	model:	dir-615 8.0a	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	dir-615 8.05b06	scope:	ne	version:	-	Trust: 0.3

sources: CNVD: CNVD-2014-01856 // BID: 66282

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2014-01856
value:	LOW
Trust: 0.6

CNVD:	CNVD-2014-01856
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2014-01856

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201403-533

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201403-533

PATCH

title:

Patch for D-Link DIR-615 Cross-Site Request Forgery Vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/44399

Trust: 0.6

sources: CNVD: CNVD-2014-01856

EXTERNAL IDS

db:	DLINK	id:	SAP10020	Trust: 0.9
db:	BID	id:	66282	Trust: 0.9
db:	CNVD	id:	CNVD-2014-01856	Trust: 0.6
db:	CNNVD	id:	CNNVD-201403-533	Trust: 0.6

sources: CNVD: CNVD-2014-01856 // BID: 66282 // CNNVD: CNNVD-201403-533

REFERENCES

url:	http://securityadvisories.dlink.com/security/publication.aspx?name=sap10020	Trust: 0.9
url:	http://ceriksen.com/2012/09/29/two-stage-csrf-attacks/	Trust: 0.6
url:	http://www.securityfocus.com/bid/66282	Trust: 0.6
url:	http://www.dlink.com/	Trust: 0.3
url:	http://ceriksen.com/2012/09/29/two-stage-csrf-attacks/	Trust: 0.3

sources: CNVD: CNVD-2014-01856 // BID: 66282 // CNNVD: CNNVD-201403-533

CREDITS

Charlie Eriksen

Trust: 0.9

sources: BID: 66282 // CNNVD: CNNVD-201403-533

SOURCES

db:	CNVD	id:	CNVD-2014-01856
db:	BID	id:	66282
db:	CNNVD	id:	CNNVD-201403-533

LAST UPDATE DATE

2022-05-17T02:05:55.056000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-01856	date:	2014-03-21T00:00:00
db:	BID	id:	66282	date:	2014-03-17T00:00:00
db:	CNNVD	id:	CNNVD-201403-533	date:	2014-03-28T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-01856	date:	2014-03-21T00:00:00
db:	BID	id:	66282	date:	2014-03-17T00:00:00
db:	CNNVD	id:	CNNVD-201403-533	date:	2014-03-28T00:00:00