exploitDog

CVE-2019-16326

Опубликовано: 26 дек. 2019

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

D-Link DIR-601 B1 2.00NA devices have CSRF because no anti-CSRF token is implemented. A remote attacker could exploit this in conjunction with CVE-2019-16327 to enable remote router management and device compromise. NOTE: this is an end-of-life product.

Ссылки

https://0x62626262.wordpress.com/2019/12/24/dlink-dir-601-router-authentication-bypass-and-csrf/
Exploit
Third Party Advisory
https://0x62626262.wordpress.com/2019/12/24/dlink-dir-601-router-authentication-bypass-and-csrf/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:dlink:dir-601_firmware:2.00na:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-601:b1:*:*:*:*:*:*:*

EPSS

Процентиль: 74%

0.00816

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-pvc6-vfc9-wpjv

github

больше 3 лет назад

D-Link DIR-601 B1 2.00NA devices have CSRF because no anti-CSRF token is implemented. A remote attacker could exploit this in conjunction with CVE-2019-16327 to enable remote router management and device compromise. NOTE: this is an end-of-life product.

EPSS

Процентиль: 74%

0.00816

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352