ID
VAR-201912-0974
CVE
CVE-2019-16326
TITLE
D-Link DIR-601 Cross-site request forgery vulnerability in device
Trust: 0.8
DESCRIPTION
D-Link DIR-601 B1 2.00NA devices have CSRF because no anti-CSRF token is implemented. A remote attacker could exploit this in conjunction with CVE-2019-16327 to enable remote router management and device compromise. NOTE: this is an end-of-life product. D-Link DIR-601 The device contains a cross-site request forgery vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. D-Link DIR-601 B1 is a wireless router from Taiwan D-Link. A cross-site request forgery vulnerability exists in D-Link DIR-601 B1 2.00NA. The vulnerability stems from a web application's insufficient verification that the request came from a trusted user. An attacker could use this vulnerability to send an unexpected request to the server through an affected client
Trust: 2.16
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | dlink | model: | dir-601 | scope: | eq | version: | 2.00na | Trust: 1.0 |
| vendor: | d link | model: | dir-601 | scope: | eq | version: | b1 2.00na | Trust: 0.8 |
| vendor: | youxun | model: | technology dir-601 b1 2.00na | scope: | - | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-352 | Trust: 1.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
cross-site request forgery
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | DIR-601 | url: | https://support.dlink.com/ProductInfo.aspx?m=DIR-601 | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2019-16326 | Trust: 3.0 |
| db: | JVNDB | id: | JVNDB-2019-013961 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2020-02550 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-201912-1131 | Trust: 0.6 |
REFERENCES
| url: | https://0x62626262.wordpress.com/2019/12/24/dlink-dir-601-router-authentication-bypass-and-csrf/ | Trust: 2.4 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2019-16326 | Trust: 2.0 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-16326 | Trust: 0.8 |
SOURCES
| db: | CNVD | id: | CNVD-2020-02550 |
| db: | JVNDB | id: | JVNDB-2019-013961 |
| db: | CNNVD | id: | CNNVD-201912-1131 |
| db: | NVD | id: | CVE-2019-16326 |
LAST UPDATE DATE
2024-11-23T22:11:41.431000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2020-02550 | date: | 2020-01-17T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-013961 | date: | 2020-01-22T00:00:00 |
| db: | CNNVD | id: | CNNVD-201912-1131 | date: | 2020-06-23T00:00:00 |
| db: | NVD | id: | CVE-2019-16326 | date: | 2024-11-21T04:30:31.497 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2020-02550 | date: | 2020-01-17T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-013961 | date: | 2020-01-22T00:00:00 |
| db: | CNNVD | id: | CNNVD-201912-1131 | date: | 2019-12-26T00:00:00 |
| db: | NVD | id: | CVE-2019-16326 | date: | 2019-12-26T18:15:10.547 |