ID

VAR-201703-0736


CVE

CVE-2017-5633


TITLE

D-Link DI-524 Wireless router firmware cross-site request forgery vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-002133

DESCRIPTION

Multiple cross-site request forgery (CSRF) vulnerabilities on the D-Link DI-524 Wireless Router with firmware 9.01 allow remote attackers to (1) change the admin password, (2) reboot the device, or (3) possibly have unspecified other impact via crafted requests to CGI programs. D-Link DI-524 is a wireless router from D-Link. A cross-site request forgery vulnerability exists in D-Link DI-524 9.01. An attacker could exploit the vulnerability to perform unauthorized actions and gain access to affected applications. D-Link DI-524 is prone to multiple cross-site request-forgery vulnerabilities. Other attacks are also possible. D-Link DI-524 9.01 is vulnerable; other versions may also be affected.

Trust: 2.52

sources: NVD: CVE-2017-5633 // JVNDB: JVNDB-2017-002133 // CNVD: CNVD-2017-02294 // BID: 96475 // VULHUB: VHN-113836

IOT TAXONOMY

category: ['IoT', 'Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-02294

AFFECTED PRODUCTS

vendor: d link, model: di-524, scope: eq, version: 9.01

Trust: 3.0

vendor: d link, model: di-524, scope: -, version: -

Trust: 0.8

vendor: dlink, model: di-524, scope: eq, version: 9.01

Trust: 0.3

sources: CNVD: CNVD-2017-02294 // BID: 96475 // JVNDB: JVNDB-2017-002133 // CNNVD: CNNVD-201702-955 // NVD: CVE-2017-5633

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-5633
value: HIGH

Trust: 1.0

NVD: CVE-2017-5633
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-02294
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201702-955
value: HIGH

Trust: 0.6

VULHUB: VHN-113836
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-5633
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-02294
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-113836
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-5633
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-02294 // VULHUB: VHN-113836 // JVNDB: JVNDB-2017-002133 // CNNVD: CNNVD-201702-955 // NVD: CVE-2017-5633

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-113836 // JVNDB: JVNDB-2017-002133 // NVD: CVE-2017-5633

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-955

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201702-955

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-002133

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-113836

PATCH

title: Top Page, url: http://www.dlink-jp.com/

Trust: 0.8

sources: JVNDB: JVNDB-2017-002133

EXTERNAL IDS

db: NVD, id: CVE-2017-5633

Trust: 3.4

db: BID, id: 96475

Trust: 2.6

db: JVNDB, id: JVNDB-2017-002133

Trust: 0.8

db: CNNVD, id: CNNVD-201702-955

Trust: 0.7

db: CNVD, id: CNVD-2017-02294

Trust: 0.6

db: EXPLOIT-DB, id: 40983

Trust: 0.1

db: VULHUB, id: VHN-113836

Trust: 0.1

sources: CNVD: CNVD-2017-02294 // VULHUB: VHN-113836 // BID: 96475 // JVNDB: JVNDB-2017-002133 // CNNVD: CNNVD-201702-955 // NVD: CVE-2017-5633

REFERENCES

url:http://seclists.org/fulldisclosure/2017/feb/70

Trust: 3.4

url:http://www.securityfocus.com/bid/96475

Trust: 2.3

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5633

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-5633

Trust: 0.8

url:http://www.dlink.co.in/

Trust: 0.3

sources: CNVD: CNVD-2017-02294 // VULHUB: VHN-113836 // BID: 96475 // JVNDB: JVNDB-2017-002133 // CNNVD: CNNVD-201702-955 // NVD: CVE-2017-5633

CREDITS

Felipe de Souza - Network Analyst & Programmer

Trust: 0.9

sources: BID: 96475 // CNNVD: CNNVD-201702-955

SOURCES

db: CNVD, id: CNVD-2017-02294
db: VULHUB, id: VHN-113836
db: BID, id: 96475
db: JVNDB, id: JVNDB-2017-002133
db: CNNVD, id: CNNVD-201702-955
db: NVD, id: CVE-2017-5633

LAST UPDATE DATE

2025-04-20T23:37:58.353000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-02294, date: 2017-03-02T00:00:00
db: VULHUB, id: VHN-113836, date: 2017-03-09T00:00:00
db: BID, id: 96475, date: 2017-03-07T01:08:00
db: JVNDB, id: JVNDB-2017-002133, date: 2017-03-30T00:00:00
db: CNNVD, id: CNNVD-201702-955, date: 2023-04-27T00:00:00
db: NVD, id: CVE-2017-5633, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-02294, date: 2017-03-02T00:00:00
db: VULHUB, id: VHN-113836, date: 2017-03-06T00:00:00
db: BID, id: 96475, date: 2017-02-27T00:00:00
db: JVNDB, id: JVNDB-2017-002133, date: 2017-03-30T00:00:00
db: CNNVD, id: CNNVD-201702-955, date: 2017-02-27T00:00:00
db: NVD, id: CVE-2017-5633, date: 2017-03-06T06:59:00.257