ID

VAR-201511-0048


CVE

CVE-2015-5999


TITLE

Cross-site request forgery vulnerability in D-Link DIR-816L Wireless Router firmware

Trust: 0.8

sources: JVNDB: JVNDB-2015-005967

DESCRIPTION

Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) change the network policy, or (3) possibly have other unspecified impact via crafted requests to hedwig.cgi and pigwidgeon.cgi. The D-Link DIR-816L is a wireless router product from D-Link. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions, which may lead to further attacks. D-Link DIR-816L devices running firmware 2.06.B01 and prior are vulnerable.

Trust: 2.52

sources: NVD: CVE-2015-5999 // JVNDB: JVNDB-2015-005967 // CNVD: CNVD-2015-07713 // BID: 77588 // VULHUB: VHN-83960

IOT TAXONOMY

category: ['IoT', 'Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-07713

AFFECTED PRODUCTS

vendor: dlink, model: dir-816l, scope: lte, version: 2.05.b02

Trust: 1.0

vendor: d link, model: dir-816l, scope: -, version: -

Trust: 0.8

vendor: d link, model: dir-816l, scope: lt, version: 2.06.b09_beta

Trust: 0.8

vendor: d link, model: dir-816l 2.06.b01, scope: lt, version: -

Trust: 0.6

vendor: d link, model: dir-816l, scope: eq, version: 2.05.b02

Trust: 0.6

sources: CNVD: CNVD-2015-07713 // JVNDB: JVNDB-2015-005967 // CNNVD: CNNVD-201511-294 // NVD: CVE-2015-5999

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-5999
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-5999
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-07713
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201511-294
value: HIGH

Trust: 0.6

VULHUB: VHN-83960
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-5999
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-07713
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-83960
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-07713 // VULHUB: VHN-83960 // JVNDB: JVNDB-2015-005967 // CNNVD: CNNVD-201511-294 // NVD: CVE-2015-5999

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-83960 // JVNDB: JVNDB-2015-005967 // NVD: CVE-2015-5999

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201511-294

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201511-294

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005967

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-83960

PATCH

title: DIR-816L, url: ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-816L/DIR-816L_REVB_FIRMWARE_PATCH_NOTES_2.06.B09_BETA_EN.PDF

Trust: 0.8

title: Patch for D-Link DIR-816L Cross-Site Request Forgery Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/66998

Trust: 0.6

title: D-Link DIR-816L Wireless Repair measures for router cross-site request forgery vulnerability, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=58778

Trust: 0.6

sources: CNVD: CNVD-2015-07713 // JVNDB: JVNDB-2015-005967 // CNNVD: CNNVD-201511-294

EXTERNAL IDS

db: NVD, id: CVE-2015-5999

Trust: 3.4

db: BID, id: 77588

Trust: 2.6

db: PACKETSTORM, id: 134379

Trust: 2.3

db: EXPLOIT-DB, id: 38707

Trust: 1.7

db: JVNDB, id: JVNDB-2015-005967

Trust: 0.8

db: CNNVD, id: CNNVD-201511-294

Trust: 0.7

db: CNVD, id: CNVD-2015-07713

Trust: 0.6

db: SEEBUG, id: SSVID-92774

Trust: 0.1

db: VULHUB, id: VHN-83960

Trust: 0.1

sources: CNVD: CNVD-2015-07713 // VULHUB: VHN-83960 // BID: 77588 // JVNDB: JVNDB-2015-005967 // CNNVD: CNNVD-201511-294 // NVD: CVE-2015-5999

REFERENCES

url:http://packetstormsecurity.com/files/134379/d-link-dir-816l-cross-site-request-forgery.html

Trust: 2.3

url:http://www.securityfocus.com/bid/77588

Trust: 1.7

url:http://www.securityfocus.com/archive/1/536886/100/0/threaded

Trust: 1.7

url:https://www.exploit-db.com/exploits/38707/

Trust: 1.7

url:http://seclists.org/fulldisclosure/2015/nov/45

Trust: 1.7

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5999

Trust: 1.4

url:ftp://ftp2.dlink.com/security_advisements/dir-816l/dir-816l_revb_firmware_patch_notes_2.06.b09_beta_en.pdf

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5999

Trust: 0.8

url:http://www.dlink.com/

Trust: 0.3

sources: CNVD: CNVD-2015-07713 // VULHUB: VHN-83960 // BID: 77588 // JVNDB: JVNDB-2015-005967 // CNNVD: CNNVD-201511-294 // NVD: CVE-2015-5999

CREDITS

Bhadresh Patel

Trust: 0.3

sources: BID: 77588

SOURCES

db: CNVD, id: CNVD-2015-07713
db: VULHUB, id: VHN-83960
db: BID, id: 77588
db: JVNDB, id: JVNDB-2015-005967
db: CNNVD, id: CNNVD-201511-294
db: NVD, id: CVE-2015-5999

LAST UPDATE DATE

2024-11-23T22:49:17.718000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2015-07713, date: 2015-11-24T00:00:00
db: VULHUB, id: VHN-83960, date: 2018-10-09T00:00:00
db: BID, id: 77588, date: 2015-12-07T22:22:00
db: JVNDB, id: JVNDB-2015-005967, date: 2015-11-20T00:00:00
db: CNNVD, id: CNNVD-201511-294, date: 2023-04-27T00:00:00
db: NVD, id: CVE-2015-5999, date: 2024-11-21T02:34:16.350

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2015-07713, date: 2015-11-23T00:00:00
db: VULHUB, id: VHN-83960, date: 2015-11-18T00:00:00
db: BID, id: 77588, date: 2015-11-14T00:00:00
db: JVNDB, id: JVNDB-2015-005967, date: 2015-11-20T00:00:00
db: CNNVD, id: CNNVD-201511-294, date: 2015-11-19T00:00:00
db: NVD, id: CVE-2015-5999, date: 2015-11-18T16:59:02.380