CSRF Vulnerability in D-Link DIR-100 Router
CVE-2013-7053

8.8HIGH

Key Information:

Vendor
D-Link
Status
Dir-100 Firmware
Vendor
CVE Published:
4 February 2020

Summary

The D-Link DIR-100 router contains a Cross-Site Request Forgery (CSRF) vulnerability in its web interface, specifically within the 'cli.cgi' component. This issue can allow an attacker to manipulate the device's settings without the user's consent, potentially leading to unauthorized access or network disruptions. Users of the affected version (4.03B07) should apply available patches and restrict access to the web interface to mitigate risks.

References

http://pigstarter.krebsco.de/report/2013-12-18_dir100.txt
x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/90905
x_refsource_MISC
https://www.securityfocus.com/bid/65290/info
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.