Published: 08/10/2012 Updated: 29/08/2017

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 690

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-site request forgery (CSRF) vulnerability in setup/security.cgi in D-Link DCS-900, DCS-2000, and DCS-5300 allows remote malicious users to hijack the authentication of administrators for requests that change the administrator password via the rootpass parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
dlink dcs-900 -
dlink dcs-2000 -
dlink dcs-5300 -

source: wwwsecurityfocuscom/bid/52134/info The D-Link DCS-900, DCS-2000, and DCS-5300 are prone to a cross-site request-forgery vulnerability Successful exploits may allow attackers to run privileged commands on the affected device, change configuration, cause denial-of-service conditions, or inject arbitrary script code Other attacks ...

Title: Dlink DCS series CSRF Change Admin Password Version: DCS-900, DCS-2000, DCS-5300 and possibly other Date: 2012-02-22 Author: rigan - imrigan [sobachka] gmailcom -- Description: Dlink DCS is a series of network cameras These cameras use a web interface which is prone to CSRF vulnerabilities This flaw allows to change the administra ...

CWE-352 http://www.exploit-db.com/exploits/18509 https://exchange.xforce.ibmcloud.com/vulnerabilities/73387 https://nvd.nist.gov https://www.exploit-db.com/exploits/36877/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2012-5319

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect