Cross Site Request Forgery in D-Link DWR 2000M 5G CPE
CVE-2024-28731

4.3MEDIUM

Key Information:

Vendor: D-Link
Status: Dwr-2000m Firmware
Vendor: CVE Published:; 12 November 2024

What is CVE-2024-28731?

A Cross Site Request Forgery vulnerability exists in the D-Link DWR 2000M 5G CPE models, allowing a local attacker to exploit the Port Forwarding feature to retrieve sensitive information. This could lead to unauthorized access or manipulation of network configurations, highlighting the importance of proper user authentication and access controls in safeguarding devices.

References

https://github.com/Mrnmap/mrnmap-cve/

https://github.com/Mrnmap/mrnmap-cve/blob/main/CVE-2024-2...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 12, 2024