Cross-Site Request Forgery in D-Link DIR-868L Devices
CVE-2018-10957

8.8HIGH

Key Information:

Vendor
D-Link
Status
Dir-868l Firmware
Vendor
CVE Published:
10 May 2018

Summary

A Cross-Site Request Forgery (CSRF) vulnerability on D-Link DIR-868L devices permits an attacker to manipulate administrative settings without proper authorization. This flaw allows unauthorized changes, such as altering the Admin password through targeted requests exploiting vulnerable components like hedwig.cgi and pigwidgeon.cgi.

References

https://packetstormsecurity.com/files/147525/D-Link-DIR-8...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.