CVE-2015-5999

Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) change the network policy, or (3) possibly have other unspecified impact via crafted requests to hedwig.cgi and pigwidgeon.cgi.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dlink:dir-816l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-816l:-:*:*:*:*:*:*:*

History

21 Nov 2024, 02:34

Type Values Removed Values Added
References () ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-816L/DIR-816L_REVB_FIRMWARE_PATCH_NOTES_2.06.B09_BETA_EN.PDF - () ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-816L/DIR-816L_REVB_FIRMWARE_PATCH_NOTES_2.06.B09_BETA_EN.PDF -
References () http://packetstormsecurity.com/files/134379/D-Link-DIR-816L-Cross-Site-Request-Forgery.html - Exploit () http://packetstormsecurity.com/files/134379/D-Link-DIR-816L-Cross-Site-Request-Forgery.html - Exploit
References () http://seclists.org/fulldisclosure/2015/Nov/45 - Exploit () http://seclists.org/fulldisclosure/2015/Nov/45 - Exploit
References () http://www.securityfocus.com/archive/1/536886/100/0/threaded - () http://www.securityfocus.com/archive/1/536886/100/0/threaded -
References () http://www.securityfocus.com/bid/77588 - () http://www.securityfocus.com/bid/77588 -
References () https://www.exploit-db.com/exploits/38707/ - () https://www.exploit-db.com/exploits/38707/ -

Information

Published : 2015-11-18 16:59

Updated : 2024-11-21 02:34


NVD link : CVE-2015-5999

Mitre link : CVE-2015-5999

CVE.ORG link : CVE-2015-5999


JSON object : View

Products Affected

dlink

  • dir-816l
  • dir-816l_firmware
CWE
CWE-352

Cross-Site Request Forgery (CSRF)