CSRF Vulnerability in D-Link DIR-601 Router by D-Link
CVE-2019-16326

8.8HIGH

Key Information:

Vendor: D-Link
Status: Dir-601 Firmware
Vendor: CVE Published:; 26 December 2019

Summary

The D-Link DIR-601 B1 2.00NA router is susceptible to Cross-Site Request Forgery (CSRF) due to a lack of anti-CSRF token implementation. This flaw allows remote attackers to exploit the device, potentially leading to unauthorized remote management and complete device compromise when combined with additional vulnerabilities. It is important to note that this product has reached its end-of-life status, which may impact available updates and support.

References

https://0x62626262.wordpress.com/2019/12/24/dlink-dir-601...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 26, 2019
Vulnerability Reserved
Sep 15, 2019