CVE-2013-3095

Name of the Vulnerable Software and Affected Versions D-Link DIR865L router (Rev. A1) with firmware before 1.05b07

Description The issue affects the D-Link DIR865L router, allowing remote attackers to hijack the authentication of administrators. This can be achieved through multiple cross-site request forgery (CSRF) vulnerabilities. The exploitation can lead to changing the administrator password, enabling remote management via a request to "hedwig.cgi", or activating configuration changes via a request to "pigwidgeon.cgi".

Recommendations For D-Link DIR865L router (Rev. A1) with firmware before 1.05b07: Update the firmware to version 1.05b07 or later to resolve the issue. As a temporary workaround, consider restricting access to the "hedwig.cgi" and "pigwidgeon.cgi" endpoints to minimize the risk of exploitation.