CVE-2015-5999

Name of the Vulnerable Software and Affected Versions D-Link DIR-816L Wireless Router versions prior to 2.06.B09 BETA

Description The issue allows remote attackers to hijack the authentication of administrators for requests, including changing the admin password and network policy, via crafted requests to "hedwig.cgi" and "pigwidgeon.cgi" API endpoints.

Recommendations For versions prior to 2.06.B09 BETA, update the firmware to version 2.06.B09 BETA or later to resolve the issue. As a temporary workaround, consider restricting access to the "hedwig.cgi" and "pigwidgeon.cgi" API endpoints until the update is applied.