Cross Site Request Forgery in D-Link DSL-2730U by D-Link
CVE-2017-6411

8.8HIGH

Key Information:

Vendor: D-Link
Status: Dsl-2730u Firmware
Vendor: CVE Published:; 6 March 2017

Summary

The D-Link DSL-2730U C1 IN_1.00 is susceptible to Cross Site Request Forgery (CSRF) attacks that enable remote adversaries to manipulate critical settings such as DNS or firewall configurations and alter passwords. This vulnerability can be exploited without proper authentication, putting users at risk of unauthorized access and potential network compromise.

References

https://www.exploit-db.com/exploits/41478/

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/bid/96560

vdb-entryx_refsource_BID

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 6, 2017
Vulnerability Reserved
Mar 1, 2017