CVE-2015-5999

Currently unrated

Key Information:

Vendor: D-Link
Status: Dir-816l Firmware
Vendor: CVE Published:; 18 November 2015

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) change the network policy, or (3) possibly have other unspecified impact via crafted requests to hedwig.cgi and pigwidgeon.cgi.

References

http://seclists.org/fulldisclosure/2015/Nov/45

mailing-listx_refsource_FULLDISC

http://packetstormsecurity.com/files/134379/D-Link-DIR-81...

x_refsource_MISC

http://www.securityfocus.com/archive/1/536886/100/0/threaded

mailing-listx_refsource_BUGTRAQ

EPSS Score

88% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 18, 2015
Vulnerability Reserved
Aug 14, 2015