CVE-2014-100005: D-Link DIR-600 Router Cross-Site Request Forgery (CSRF) Vulnerability
First published: Tue Jan 13 2015(Updated: )
D-Link DIR-600 routers contain a cross-site request forgery (CSRF) vulnerability that allows an attacker to change router configurations by hijacking an existing administrator session.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| D-Link DIR-600 | ||
| All of | ||
| D-Link DIR-600L Firmware | <=2.16ww | |
| D-Link DIR-600 | ||
| D-Link DIR-600M Firmware | <=2.16ww | |
| D-Link DIR-60 |
Remedy
This vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS) life cycle and should be retired and replaced per vendor instructions.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://resources.infosecinstitute.com/csrf-unauthorized-remote-admin-access/
- http://secunia.com/advisories/57304
- http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10018
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91794
- https://www.bleepingcomputer.com/news/security/cisa-warns-of-hackers-exploiting-chrome-eol-d-link-bugs/
- https://legacy.us.dlink.com/pages/product.aspx?id=4587b63118524aec911191cc81605283;
- https://nvd.nist.gov/vuln/detail/CVE-2014-100005
Frequently Asked Questions
What is the severity of CVE-2014-100005?
CVE-2014-100005 is classified as a medium severity vulnerability due to its potential to enable unauthorized configuration changes.
How do I fix CVE-2014-100005?
To mitigate CVE-2014-100005, update the D-Link DIR-600 firmware to a version above 2.16ww.
What types of attacks can exploit CVE-2014-100005?
CVE-2014-100005 can be exploited through cross-site request forgery (CSRF) attacks that hijack an existing administrator session.
Who is affected by CVE-2014-100005?
Users of D-Link DIR-600 routers running firmware versions up to 2.16ww are affected by CVE-2014-100005.
What are the consequences of CVE-2014-100005?
CVE-2014-100005 allows attackers to change router configurations, potentially compromising network security.
- agent/type
- agent/title
- agent/remedy
- agent/description
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2024-4761
- alias/CVE-2024-4947
- alias/CVE-2014-100005
- alias/CVE-2021-40655
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/event
- agent/author
- agent/last-modified-date
- agent/trending
- agent/source
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- collector/nvd-cve
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/weakness
- vendor/d-link
- canonical/d-link dir-600
- vendor/dlink
- canonical/d-link dir-600l firmware
- version/d-link dir-600l firmware/2.16ww
- canonical/d-link dir-600m firmware
- version/d-link dir-600m firmware/2.16ww
- canonical/d-link dir-60