Cross-Site Request Forgery Vulnerabilities in D-Link DIR-816L Wireless Router
CVE-2015-5999

Currently unrated

Key Information:

Vendor: D-Link
Status: Dir-816l Firmware
Vendor: CVE Published:; 18 November 2015

Summary

The D-Link DIR-816L Wireless Router is susceptible to multiple Cross-Site Request Forgery (CSRF) vulnerabilities. These flaws allow remote attackers to execute unauthorized actions by masquerading as legitimate administrators. Specifically, attackers can hijack the authentication of the admin to change critical settings, such as the admin password and network policies, through crafted requests to the router's scripts. Due to the potential for unauthorized access and control over the router, this vulnerability poses significant risks to network security.

References

http://seclists.org/fulldisclosure/2015/Nov/45

mailing-listx_refsource_FULLDISC

http://packetstormsecurity.com/files/134379/D-Link-DIR-81...

x_refsource_MISC

http://www.securityfocus.com/archive/1/536886/100/0/threaded

mailing-listx_refsource_BUGTRAQ

EPSS Score

16% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 18, 2015
Vulnerability Reserved
Aug 14, 2015