Lucene search

[email protected]CVE-2015-5999

HistoryNov 18, 2015 - 4:59 p.m.

CVE-2015-5999

2015-11-1816:59:02

CWE-352

[email protected]

web.nvd.nist.gov

csrf

d-link

dir-816l

wireless router

firmware

cve-2015-5999

nvd

7.7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.893 High

EPSS

Percentile

98.8%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) change the network policy, or (3) possibly have other unspecified impact via crafted requests to hedwig.cgi and pigwidgeon.cgi.

Affected configurations

NVD

Node

dlinkdir-816l_firmwareRange≤2.05.b02

AND

dlinkdir-816lMatch-

CPENameOperatorVersion
dlink:dir-816l_firmwaredlink dir-816l firmwarele2.05.b02

CPE	Name	Operator	Version
dlink:dir-816l_firmware	dlink dir-816l firmware	le	2.05.b02

References

ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-816L/DIR-816L_REVB_FIRMWARE_PATCH_NOTES_2.06.B09_BETA_EN.PDF

packetstormsecurity.com/files/134379/D-Link-DIR-816L-Cross-Site-Request-Forgery.html

seclists.org/fulldisclosure/2015/Nov/45

www.securityfocus.com/archive/1/536886/100/0/threaded

www.securityfocus.com/bid/77588

www.exploit-db.com/exploits/38707/

7.7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.893 High

EPSS

Percentile

98.8%

JSON

Related for CVE-2015-5999

prion1 zdt1 exploitpack1 seebug1 packetstorm1 cvelist1 nvd1 exploitdb1