Session Fixation Vulnerability in D-Link DIR-600L Routers
CVE-2016-10405

9.8CRITICAL

Key Information:

Vendor: D-link
Status: Dir-600l Firmware
Vendor: CVE Published:; 7 September 2017

What is CVE-2016-10405?

A session fixation vulnerability in the D-Link DIR-600L routers (rev. Ax) allows remote attackers to hijack web sessions. This issue occurs when the router's firmware versions earlier than FW1.17.B01 do not adequately validate session tokens, enabling attackers to exploit the flaw through unspecified vectors.

References

ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-600L/DIR-60...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 7, 2017
Vulnerability Reserved
Aug 11, 2017

D-link

What is CVE-2016-10405?

References

CVSS V3.1

Timeline