Cross-Site Request Forgery in D-Link Router
CVE-2017-7404
8.8 HIGH
What is CVE-2017-7404?
D-Link's DIR-615 router is vulnerable to Cross-Site Request Forgery (CSRF). If a victim logs into the router's web interface and subsequently visits a malicious website, the attacker can send unauthorized requests to the victim's router without needing access credentials. The attack can issue a POST request to Form2File.htm to upload malicious firmware, which can crash or reboot the router and cause a Denial of Service. Users are advised to update their firmware to mitigate this risk.
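For defenders, the request pattern described above can be looked for in web proxy logs. The following is an added example, not part of the advisory or of any D-Link code: it flags POSTs to Form2File.htm whose Referer is not the router itself. The log format (method, URL, Referer), the router address 192.168.0.1 and all sample lines are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

ROUTER_HOSTS = {"192.168.0.1"}   # assumption: router admin address on this LAN
UPLOAD_PATH = "/form2file.htm"   # endpoint named in the advisory, compared case-insensitively
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed proxy log: "<method> <url> <referer>", "-" when no Referer was sent
SAMPLE_LOG = """\
GET http://192.168.0.1/index.htm -
POST http://192.168.0.1/Form2File.htm http://192.168.0.1/admin.htm
POST http://192.168.0.1/Form2File.htm http://news.example/article.html
POST http://192.168.0.1/Form2File.htm -
POST http://192.168.0.1/login.htm http://192.168.0.1/index.htm
"""

def origin(url):
    """Return (scheme, host, port) with the default port filled in."""
    u = urlsplit(url)
    return (u.scheme, u.hostname, u.port or DEFAULT_PORTS.get(u.scheme))

def classify(line):
    """Classify one log line; None means it is not a firmware-upload POST."""
    parts = line.split()
    if len(parts) != 3:
        return None
    method, url, referer = parts
    target = urlsplit(url)
    if method != "POST" or target.hostname not in ROUTER_HOSTS:
        return None
    if target.path.lower() != UPLOAD_PATH:
        return None
    if referer == "-":
        return "no-referer"      # origin cannot be verified: flag for review
    return "same-origin" if origin(referer) == origin(url) else "cross-site"

def suspicious_uploads(log_text):
    """Return (line number, verdict, referer) for uploads not sent from the router UI."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        verdict = classify(line)
        if verdict in ("cross-site", "no-referer"):
            hits.append((n, verdict, line.split()[2]))
    return hits

if __name__ == "__main__":
    for hit in suspicious_uploads(SAMPLE_LOG):
        print(hit)
```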