ID
VAR-E-201012-0974
TITLE
D-Link DIR-300 'tools_admin.php' Cross-Site Request Forgery Vulnerability
Trust: 0.3
DESCRIPTION
The D-Link DIR-300 router is prone to a cross-site request-forgery vulnerability.
Successful exploits may allow attackers to run privileged commands on the affected device, change configuration, cause denial-of-service conditions, or inject arbitrary script code. Other attacks are also possible.
This issue affects D-Link DIR-300 running firmware 1.04.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | d link | model: | dir-300 | scope: | eq | version: | 1.04 | Trust: 0.3 |
EXPLOIT
To exploit this issue, an attacker must entice an unsuspecting victim into following a malicious URI.
Bullet list:
<li><a href="/data/vulnerabilities/exploits/45473.html">/data/vulnerabilities/exploits/45473.html</a></li>
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Design Error
Trust: 0.3
CREDITS
outlaw.dll
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 45473 | Trust: 0.3 |
REFERENCES
| url: | http://www.linksys.com/ | Trust: 0.3 |
SOURCES
| db: | BID | id: | 45473 |
LAST UPDATE DATE
2022-07-27T09:57:02.033000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 45473 | date: | 2010-12-17T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 45473 | date: | 2010-12-17T00:00:00 |