VAR-201501-0347
Vulnerability from variot - Updated: 2024-06-02 22:46Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php. D-Link DIR-600 router (rev. (2) hedwig.cgi Remote administration can be enabled via a crafted configuration module. The D-Link DIR-600 is a wireless routing device. Because the program allows users to perform certain operations through unauthenticated HTTP requests, an attacker can exploit the vulnerability to modify the configuration when a logged-in administrative user accesses a specially crafted web page. Exploiting these issues may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks. D-Link DIR-600 is a SOHO wireless router product of D-Link
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201501-0347",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-600",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "dir-600",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dir-600",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2.16ww"
},
{
"model": "dir-600",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-600",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "firmware 2.17b02"
},
{
"model": "dir-600",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "2.16ww"
},
{
"model": "dir-600 2.16ww",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01581"
},
{
"db": "BID",
"id": "66092"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007601"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-571"
},
{
"db": "NVD",
"id": "CVE-2014-100005"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dir-600_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.16ww",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dir-600:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-100005"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dawid Czagan",
"sources": [
{
"db": "BID",
"id": "66092"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-571"
}
],
"trust": 0.9
},
"cve": "CVE-2014-100005",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-100005",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "CNVD-2014-01581",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-68501",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-100005",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-01581",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201403-571",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-68501",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01581"
},
{
"db": "VULHUB",
"id": "VHN-68501"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007601"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-571"
},
{
"db": "NVD",
"id": "CVE-2014-100005"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php. D-Link DIR-600 router (rev. (2) hedwig.cgi Remote administration can be enabled via a crafted configuration module. The D-Link DIR-600 is a wireless routing device. Because the program allows users to perform certain operations through unauthenticated HTTP requests, an attacker can exploit the vulnerability to modify the configuration when a logged-in administrative user accesses a specially crafted web page. \nExploiting these issues may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks. D-Link DIR-600 is a SOHO wireless router product of D-Link",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-100005"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007601"
},
{
"db": "CNVD",
"id": "CNVD-2014-01581"
},
{
"db": "BID",
"id": "66092"
},
{
"db": "VULHUB",
"id": "VHN-68501"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-100005",
"trust": 3.3
},
{
"db": "SECUNIA",
"id": "57304",
"trust": 2.3
},
{
"db": "DLINK",
"id": "SAP10018",
"trust": 2.0
},
{
"db": "BID",
"id": "66092",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007601",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201403-571",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-01581",
"trust": 0.6
},
{
"db": "XF",
"id": "91794",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-89342",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-68501",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01581"
},
{
"db": "VULHUB",
"id": "VHN-68501"
},
{
"db": "BID",
"id": "66092"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007601"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-571"
},
{
"db": "NVD",
"id": "CVE-2014-100005"
}
]
},
"id": "VAR-201501-0347",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01581"
},
{
"db": "VULHUB",
"id": "VHN-68501"
}
],
"trust": 1.5148148
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01581"
}
]
},
"last_update_date": "2024-06-02T22:46:13.922000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SAP10018",
"trust": 0.8,
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10018"
},
{
"title": "DIR-600_REVB_FIRMWARE_2.17.B02",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=57137"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007601"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-571"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.1
},
{
"problemtype": "Cross-site request forgery (CWE-352) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68501"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007601"
},
{
"db": "NVD",
"id": "CVE-2014-100005"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://resources.infosecinstitute.com/csrf-unauthorized-remote-admin-access/"
},
{
"trust": 2.0,
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10018"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/57304"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91794"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-100005"
},
{
"trust": 0.8,
"url": "https://cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/57304/"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/91794"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/66092"
},
{
"trust": 0.3,
"url": "http://www.dlink.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01581"
},
{
"db": "VULHUB",
"id": "VHN-68501"
},
{
"db": "BID",
"id": "66092"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007601"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-571"
},
{
"db": "NVD",
"id": "CVE-2014-100005"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-01581"
},
{
"db": "VULHUB",
"id": "VHN-68501"
},
{
"db": "BID",
"id": "66092"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007601"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-571"
},
{
"db": "NVD",
"id": "CVE-2014-100005"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-03-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01581"
},
{
"date": "2015-01-13T00:00:00",
"db": "VULHUB",
"id": "VHN-68501"
},
{
"date": "2014-03-10T00:00:00",
"db": "BID",
"id": "66092"
},
{
"date": "2015-01-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007601"
},
{
"date": "2014-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201403-571"
},
{
"date": "2015-01-13T11:59:04.477000",
"db": "NVD",
"id": "CVE-2014-100005"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-03-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01581"
},
{
"date": "2017-09-08T00:00:00",
"db": "VULHUB",
"id": "VHN-68501"
},
{
"date": "2014-03-10T00:00:00",
"db": "BID",
"id": "66092"
},
{
"date": "2024-05-31T06:43:00",
"db": "JVNDB",
"id": "JVNDB-2014-007601"
},
{
"date": "2015-01-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201403-571"
},
{
"date": "2024-05-18T01:00:01.410000",
"db": "NVD",
"id": "CVE-2014-100005"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201403-571"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0DIR-600\u00a0 Cross-site request forgery vulnerability in router firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007601"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201403-571"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…