CVE-2014-100005 – D-Link DIR-600 Router Cross-Site Request Forgery (CSRF) Vulnerability
https://notcve.org/view.php?id=CVE-2014-100005
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php. Múltiples vulnerabilidades de CSRF en el router D-Link DIR-600 (rev. Bx) con firmware anterior a 2.17b02 permiten a atacantes remotos secuestrar la autenticación de administradores para solicitudes que (1) crean una cuenta de administrador o (2) habilitan la gestión remota a través de un módulo de configuración manipulado en hedwig.cgi, (3) activan nuevos ajustes de configuraciones a través de una acción SETCFG,SAVE,ACTIVATE en pigwidgeon.cgi, o (4) envían un ping a través de una acción ping en diagnostic.php. D-Link DIR-600 routers contain a cross-site request forgery (CSRF) vulnerability that allows an attacker to change router configurations by hijacking an existing administrator session. • http://resources.infosecinstitute.com/csrf-unauthorized-remote-admin-access http://secunia.com/advisories/57304 http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10018 https://exchange.xforce.ibmcloud.com/vulnerabilities/91794 • CWE-352: Cross-Site Request Forgery (CSRF) •