Lucene search

K
cve[email protected]CVE-2015-5999
HistoryNov 18, 2015 - 4:59 p.m.

CVE-2015-5999

2015-11-1816:59:02
CWE-352
web.nvd.nist.gov
33
csrf
d-link
dir-816l
wireless router
firmware
cve-2015-5999
nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

Low

0.893 High

EPSS

Percentile

98.8%

Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) change the network policy, or (3) possibly have other unspecified impact via crafted requests to hedwig.cgi and pigwidgeon.cgi.

Affected configurations

NVD
Node
dlinkdir-816l_firmwareRange2.05.b02
AND
dlinkdir-816lMatch-

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

Low

0.893 High

EPSS

Percentile

98.8%