CVE-2014-100005 vulnerability in D-Link Products
Published on January 13, 2015
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php.
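As an added illustration (not part of the original advisory or any D-Link code), the script below applies the CSRF pattern in the description to web access logs: a request to hedwig.cgi, pigwidgeon.cgi or diagnostic.php whose Referer is missing or points at a page on another origin is the shape a forged request from a victim's browser takes. The Combined Log Format, the router address 192.168.0.1 and the log lines are assumptions constructed for the example; a DIR-600 does not produce such logs itself, so picture a proxy or IDS in front of the management interface.

```python
import re
from urllib.parse import urlsplit

# Management endpoints named in the CVE description.
CSRF_TARGETS = {"/hedwig.cgi", "/pigwidgeon.cgi", "/diagnostic.php"}

# Combined Log Format with the Referer field (assumed log layout for this example).
LOG_RE = re.compile(
    r'(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"'
)


def classify(line, router_hosts):
    """Return a finding dict when a line matches the CSRF pattern, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = urlsplit(m["target"]).path
    if path not in CSRF_TARGETS:
        return None  # not one of the state-changing admin endpoints
    referer = m["referer"]
    ref_host = urlsplit(referer).hostname if referer and referer != "-" else None
    if ref_host in router_hosts:
        return None  # same-origin: submitted from the router's own admin UI
    reason = "missing referer" if ref_host is None else "cross-origin referer"
    return {"src": m["src"], "path": path, "referer": referer, "reason": reason}


def scan(lines, router_hosts=("192.168.0.1",)):
    """Run classify over every line and keep only the findings."""
    return [f for f in (classify(l, set(router_hosts)) for l in lines) if f]


# Constructed sample log (hypothetical addresses and timestamps).
SAMPLE_LOG = [
    '192.168.0.10 - - [13/Jan/2015:10:00:01 +0000] "POST /hedwig.cgi HTTP/1.1" 200 512 '
    '"http://192.168.0.1/" "Mozilla/5.0"',                      # legitimate admin save
    '192.168.0.10 - - [13/Jan/2015:10:02:15 +0000] "POST /pigwidgeon.cgi HTTP/1.1" 200 128 '
    '"http://lure.example/page.html" "Mozilla/5.0"',            # forged from another site
    '192.168.0.10 - - [13/Jan/2015:10:02:16 +0000] "GET /diagnostic.php HTTP/1.1" 200 64 '
    '"-" "Mozilla/5.0"',                                         # referer suppressed
    '192.168.0.10 - - [13/Jan/2015:10:05:00 +0000] "GET /index.php HTTP/1.1" 200 3000 '
    '"http://lure.example/page.html" "Mozilla/5.0"',            # harmless page load
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A Referer can be suppressed by the page that triggers the request, which is why an absent header on these endpoints is flagged rather than ignored; the check is a detection aid, not a substitute for retiring the EOL device.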
Known Exploited Vulnerability
This D-Link DIR-600 Router Cross-Site Request Forgery (CSRF) Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. D-Link DIR-600 routers contain a cross-site request forgery (CSRF) vulnerability that allows an attacker to change router configurations by hijacking an existing administrator session.
The following remediation is required by June 6, 2024: this vulnerability affects legacy D-Link products. All associated hardware revisions have reached end-of-life (EOL) or end-of-service (EOS) and should be retired and replaced per vendor instructions.
Products Associated with CVE-2014-100005
D-Link Dir 600 Firmware, D-Link Dir 600
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.