Cross-Site Request Forgery Vulnerabilities in D-Link DIR865L Router
CVE-2013-3095

Currently unrated

Key Information:

Vendor: D-Link
Status: Dir865l Firmware; Dir865l
Vendor: CVE Published:; 20 November 2013

Summary

Multiple vulnerabilities in the D-Link DIR865L router (Rev. A1) allow remote attackers to exploit Cross-Site Request Forgery (CSRF) weaknesses. These vulnerabilities permit unauthorized changes to administrator settings, including altering passwords and enabling remote management features. Attackers can leverage malicious requests to hedwig.cgi and pigwidgeon.cgi, thus compromising the integrity and security of the router's configuration.

References

http://securityadvisories.dlink.com/security/publication....

x_refsource_CONFIRM

http://secunia.com/advisories/53064

third-party-advisoryx_refsource_SECUNIA

http://securityevaluators.com/content/case-studies/router...

x_refsource_MISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Nov 20, 2013