Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware prior to 2.17b02 allow remote malicious users to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
dlink dir-600_firmware |
||
dlink dir-600 - |
CISA warns of hackers exploiting Chrome, EoL D-Link bugs By Bill Toulas May 19, 2024 10:17 AM 0 The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three security vulnerabilities to its 'Known Exploited Vulnerabilities' catalog, one impacting Google Chrome and two affecting some D-Link routers. Adding the issues to the KEV catalog serves as a warning to federal agencies and companies that threat actors are leveraging them in attacks and security updates or miti...
Vulmon