CSRF Vulnerability in D-Link DIR-600M Devices by D-Link
CVE-2017-5874

8.8HIGH

Key Information:

Vendor: D-link
Status: Dir-600m Firmware
Vendor: CVE Published:; 22 March 2017

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in the D-Link DIR-600M Rev. Cx devices, allowing attackers to bypass authentication measures. This vulnerability could enable unauthorized users to inject harmful XSS sequences, leading to potential exploitation. Devices affected are those running versions prior to v3.05ENB01_beta_20170306, emphasizing the importance of updating to secure versions immediately.

References

http://www.securityfocus.com/bid/96999

vdb-entryx_refsource_BID

http://supportannouncement.us.dlink.com/announcement/publ...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 22, 2017
Vulnerability Reserved
Feb 2, 2017