2 results (0.004 seconds)

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1

D-Link DIR-655 C devices before 3.02B05 BETA03 allow CSRF for the entire management console. Los dispositivos DIR-655 C anterior a versión 3.02B05 BETA03 de D-Link, permiten una vulnerabilidad de tipo CSRF para toda la consola de administración. • ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-655/REVC/DIR-655_REVC_RELEASE_NOTES_v3.02B05_BETA03.pdf https://www.nccgroup.trust/contentassets/7188fe7f130846ffa31827fc1661d120/csrf.txt https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/july/the-d-link-dir-655c-from-nothing-to-rce • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1

D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to force a blank password via the apply_sec.cgi setup_wizard parameter. Los dispositivos DIR-655 C anterior a versión 3.02B05 BETA03 de D-Link, permiten a los atacantes remotos forzar una contraseña en blanco por medio del parámetro setup_wizard del archivo apply_sec.cgi. • ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-655/REVC/DIR-655_REVC_RELEASE_NOTES_v3.02B05_BETA03.pdf https://www.nccgroup.trust/contentassets/7188fe7f130846ffa31827fc1661d120/setupwizard.txt https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/july/the-d-link-dir-655c-from-nothing-to-rce • CWE-255: Credentials Management Errors •