Dir 816L Firmware
CVE-2015-5999
MEDIUM
Severity by source
AV:N/AC:M/Au:N/C:P/I:P/A:P
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:M/Au:N/C:P/I:P/A:P
Lifecycle Timeline
1DescriptionCVE.org
Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) change the network policy, or (3) possibly have other unspecified impact via crafted requests to hedwig.cgi and pigwidgeon.cgi.
AnalysisAI
Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 14.4%.
Technical ContextAI
This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) change the network policy, or (3) possibly have other unspecified impact via crafted requests to hedwig.cgi and pigwidgeon.cgi. Affected products include: Dlink Dir-816L Firmware. Version information: before 2.06..
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.
More in Dir 816L Firmware
View allAn issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Rated critical severity (CVSS 9.8), this vu
An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows attackers to access the device via a crafted payl
An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folders folder_view.php an
D-Link routers with the mydlink feature have some web interfaces without authentication requirements. Rated high severit
webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header.
An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Rated medium severity (CVSS 6.1), this
An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Rated high severity (CVSS 7.5), this vulner
Command injection in D-Link DIR-816L firmware up to version 2.06B01 allows authenticated remote attackers to execute arb
A vulnerability was determined in D-Link DIR-816L 2_06_b09_beta.cgi. Rated high severity (CVSS 7.4), this vulnerability
A vulnerability was found in D-Link DIR-816L 2_06_b09_beta. Rated high severity (CVSS 7.4), this vulnerability is remote
A vulnerability has been found in D-Link DIR-816L 2_06_b09_beta. Rated high severity (CVSS 7.4), this vulnerability is r
A vulnerability was detected in D-Link DIR-816L 2_06_b09_beta. Rated high severity (CVSS 8.9), this vulnerability is rem
Same weakness CWE-352 – Cross-Site Request Forgery (CSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today