CVE-2014-100005

🗓️ 13 Jan 2015 11:00:00Reported by mitreType

cve

cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 168 Views🌐 WEB

CSRF vulnerabilities in D-Link DIR-600 router allow hijacking admin authentication

Reporter	Title	Published	Views	Family All 14
ATTACKERKB	CVE-2014-100005	13 Jan 201500:00	–	attackerkb
Circl	CVE-2014-100005	29 May 201815:50	–	circl
CISA KEV Catalog	D-Link DIR-600 Router Cross-Site Request Forgery (CSRF) Vulnerability	16 May 202400:00	–	cisa_kev
CISA	CISA Adds Three Known Exploited Vulnerabilities to Catalog	16 May 202412:00	–	cisa
Cvelist	CVE-2014-100005	13 Jan 201511:00	–	cvelist
Tenable Nessus	DLink DIR < 2.17.b02 (SAP10018)	23 May 202400:00	–	nessus
Metasploit	D-Link DIR-645 / DIR-815 diagnostic.php Command Execution	5 Apr 201317:56	–	metasploit
NVD	CVE-2014-100005	13 Jan 201511:59	–	nvd
OpenVAS	D-Link Devices Multiple Vulnerabilities (Apr 2013) - Active Check	9 Apr 201300:00	–	openvas
Prion	Cross site request forgery (csrf)	13 Jan 201511:59	–	prion

NVD

Vulnrichment

Node

dlink dir-600_firmwareRange≤2.16ww

AND

dlink dir-600Match-

Source	Link
resources	www.resources.infosecinstitute.com/csrf-unauthorized-remote-admin-access/
securityadvisories	www.securityadvisories.dlink.com/security/publication.aspx
secunia	www.secunia.com/advisories/57304
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/91794
cisa	www.cisa.gov/known-exploited-vulnerabilities-catalog

Parameter	Position	Path	Description	CWE
dst	request body	/diagnostic.php	OS command injection via POST to diagnostic.php using dst parameter (blind/exploitation via cmd payload).	CWE-352

22 Apr 2026 13:57Current

7.3High risk

Vulners AI Score7.3

CVSS 26.8

CVSS 3.18

EPSS0.45306

SSVC

CWE-352 In Wild

cve-2014-100005 csrf d-link dir-600 router firmware vulnerability remote management authentication hijacking security vulnerability