Sign-up

ID

VAR-201807-2273


TITLE

D-Link DIR-300 Cross-Site Request Forgery Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-13398

DESCRIPTION

The D-LinkDIR-300 is a wireless router device. D-LinkDIR-300 has a cross-site request forgery vulnerability that allows an attacker to perform unauthorized operations, open remote access, and save settings.

Trust: 0.6

sources: CNVD: CNVD-2018-13398

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-13398

AFFECTED PRODUCTS

vendor:d linkmodel:dir-300scope:eqversion:1.2.94

Trust: 0.6

sources: CNVD: CNVD-2018-13398

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2018-13398
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2018-13398
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2018-13398

EXTERNAL IDS

db:CNVDid:CNVD-2018-13398

Trust: 0.6

sources: CNVD: CNVD-2018-13398

REFERENCES

url:http://seclists.org/fulldisclosure/2018/jul/57

Trust: 0.6

sources: CNVD: CNVD-2018-13398

SOURCES

db:CNVDid:CNVD-2018-13398

LAST UPDATE DATE

2022-05-04T09:16:49.850000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2018-13398date:2018-07-18T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2018-13398date:2018-07-18T00:00:00