CVE-2012-1308

Currently unrated

Key Information:

Vendor: D-Link
Status: Dsl-2640b Firmware; Dsl-2640b
Vendor: CVE Published:; 8 October 2012

Summary

Cross-site request forgery (CSRF) vulnerability in redpass.cgi in D-Link DSL-2640B Firmware EU_4.00 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter.

References

http://www.securityfocus.com/bid/52096

vdb-entryx_refsource_BID

http://www.exploit-db.com/exploits/18499

exploitx_refsource_EXPLOIT-DB

https://exchange.xforce.ibmcloud.com/vulnerabilities/73316

vdb-entryx_refsource_XF

EPSS Score

16% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 8, 2012
Vulnerability Reserved
Feb 27, 2012