Cross-Site Request Forgery Vulnerability in D-Link DCS-1130 Devices
CVE-2017-8407

8.8HIGH

Key Information:

Vendor
D-Link
Status
Dcs-1130 Firmware
Vendor
CVE Published:
2 July 2019

Summary

A vulnerability in D-Link DCS-1130 devices allows attackers to exploit a lack of cross-site request forgery protection. This weakness enables malicious actors to trick authenticated users into executing unintended actions, such as changing their administrative passwords, by leveraging their existing sessions within the web management interface. This could lead to unauthorized access and control over the affected device, posing a significant risk to users and their connected environments.

References

https://seclists.org/bugtraq/2019/Jun/8
mailing-listx_refsource_BUGTRAQ
http://packetstormsecurity.com/files/153226/Dlink-DCS-113...
x_refsource_MISC
https://github.com/ethanhunnt/IoT_vulnerabilities/blob/ma...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.