CVE-2015-5999 – D-Link DIR-816L Wireless Router - Cross-Site Request Forgery

https://notcve.org/view.php?id=CVE-2015-5999

Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) change the network policy, or (3) possibly have other unspecified impact via crafted requests to hedwig.cgi and pigwidgeon.cgi. Múltiples vulnerabilidades de CSRF en el D-Link DIR-816L Wireless Router con firmware en versiones anteriores a 2.06.B09_BETA permite a atacantes remotos secuestrar la autenticación de los administradores en peticiones que (1) cambian la contraseña administrador, (2) cambian la política de red o (3) posiblemente tienen otro impacto no especificado a través de peticiones a hedwig.cgi y pigwidgeon.cgi manipuladas. D-Link DIR-816L suffers from a cross site request forgery vulnerability. • https://www.exploit-db.com/exploits/38707 ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-816L/DIR-816L_REVB_FIRMWARE_PATCH_NOTES_2.06.B09_BETA_EN.PDF http://packetstormsecurity.com/files/134379/D-Link-DIR-816L-Cross-Site-Request-Forgery.html http://seclists.org/fulldisclosure/2015/Nov/45 http://www.securityfocus.com/archive/1/536886/100/0/threaded http://www.securityfocus.com/bid/77588 • CWE-352: Cross-Site Request Forgery (CSRF) •