D-Link DCS-936L devices with firmware before 1.05.07 have an inadequate CSRF protection mechanism that requires the device's IP address to be a substring of the HTTP Referer header.
Max CVSS
8.8
EPSS Score
0.16%
Published
2017-11-15
Updated
2023-04-26
D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability. This enables an attacker to perform an unwanted action on a wireless router for which the user/admin is currently authenticated, as demonstrated by changing the Security option from WPA2 to None, or changing the hiddenSSID parameter, SSID parameter, or a security-option password.
Max CVSS
8.8
EPSS Score
0.09%
Published
2017-04-04
Updated
2023-04-26
CSRF exists on D-Link DIR-600M Rev. Cx devices before v3.05ENB01_beta_20170306. This can be used to bypass authentication and insert XSS sequences or possibly have unspecified other impact.
Max CVSS
8.8
EPSS Score
0.07%
Published
2017-03-22
Updated
2023-04-26
Multiple cross-site request forgery (CSRF) vulnerabilities on the D-Link DI-524 Wireless Router with firmware 9.01 allow remote attackers to (1) change the admin password, (2) reboot the device, or (3) possibly have unspecified other impact via crafted requests to CGI programs.
Max CVSS
8.5
EPSS Score
0.26%
Published
2017-03-06
Updated
2023-04-26
Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DSL-6740U gateway (Rev. H1) allow remote attackers to hijack the authentication of administrators for requests that change administrator credentials or enable remote management services to (1) Custom Services in Port Forwarding, (2) Port Triggering Entries, (3) URL Filters in Parental Control, (4) Print Server settings, (5) QoS Queue Setup, or (6) QoS Classification Entries.
Max CVSS
8.8
EPSS Score
0.10%
Published
2019-11-22
Updated
2019-12-04
5 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!