PT-2013-4137 · D Link · D-Link Dir-865L
Jacob Holcomb · Published 2013-11-19 · Updated 2013-11-20 · CVE-2013-3095
CVSS v2.0: 6.8 (Medium)
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
D-Link DIR865L router (Rev. A1) with firmware before 1.05b07
Description
The issue affects the D-Link DIR865L router: multiple cross-site request forgery (CSRF) vulnerabilities allow remote attackers to hijack the authentication of logged-in administrators. Exploitation can lead to changing the administrator password, enabling remote management via a request to "hedwig.cgi", or activating configuration changes via a request to "pigwidgeon.cgi".
Recommendations
For D-Link DIR865L router (Rev. A1) with firmware before 1.05b07: Update the firmware to version 1.05b07 or later to resolve the issue. As a temporary workaround, consider restricting access to the "hedwig.cgi" and "pigwidgeon.cgi" endpoints to minimize the risk of exploitation.
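Because the advisory names the two management endpoints, a defender can watch for requests to them that were not initiated from the router's own pages. The following detection logic is an added example (not part of the advisory or D-Link's firmware); it assumes the router, or a reverse proxy in front of it, writes a combined-style access log with the Referer field, and the log lines and page path "/admin.html" are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Management endpoints named in the advisory.
SENSITIVE_PATHS = ("/hedwig.cgi", "/pigwidgeon.cgi")

# Constructed sample log (combined-log style; assumption: Referer is the 2nd quoted field after the request).
SAMPLE_LOG = """\
192.168.0.10 - - [19/Nov/2013:10:01:02 +0000] "POST /hedwig.cgi HTTP/1.1" 200 512 "http://192.168.0.1/admin.html" "Mozilla/5.0"
192.168.0.10 - - [19/Nov/2013:10:05:44 +0000] "POST /hedwig.cgi HTTP/1.1" 200 512 "http://evil.example/lure.html" "Mozilla/5.0"
192.168.0.10 - - [19/Nov/2013:10:05:45 +0000] "POST /pigwidgeon.cgi HTTP/1.1" 200 128 "-" "Mozilla/5.0"
192.168.0.10 - - [19/Nov/2013:10:06:00 +0000] "GET /status.php HTTP/1.1" 200 2048 "http://evil.example/lure.html" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)


def classify(line, router_hosts):
    """Return (path, verdict) for a hit on a sensitive endpoint, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = urlsplit(m["path"]).path
    if path not in SENSITIVE_PATHS:
        return None
    referer = m["referer"]
    if not referer or referer == "-":
        return path, "no-referer"  # ambiguous: browsers may strip Referer
    if urlsplit(referer).hostname in router_hosts:
        return path, "same-site"
    return path, "cross-site"  # request came from a foreign page


def find_csrf_suspects(log_text, router_hosts):
    """Return (timestamp, client_ip, path, verdict) for every non same-site hit."""
    hits = []
    for line in log_text.splitlines():
        res = classify(line, router_hosts)
        if res and res[1] != "same-site":
            m = LOG_RE.match(line)
            hits.append((m["ts"], m["ip"], res[0], res[1]))
    return hits


if __name__ == "__main__":
    for hit in find_csrf_suspects(SAMPLE_LOG, {"192.168.0.1"}):
        print(hit)
```

A "cross-site" verdict is a strong signal; "no-referer" needs review because privacy settings can strip the header. Detection does not replace the fix: the firmware update is what removes the vulnerability.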
Exploit · Fix · CSRF
Affected Products
D-Link Dir-865L