ID

VAR-201703-0520


CVE

CVE-2017-5874


TITLE

D-Link DIR-600M Rev. Cx Cross-Site Request Forgery Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2017-04424 // CNNVD: CNNVD-201703-1006

DESCRIPTION

CSRF exists on D-Link DIR-600M Rev. Cx devices before v3.05ENB01_beta_20170306. This can be used to bypass authentication and insert XSS sequences or possibly have unspecified other impact. D-Link DIR-600M Rev. Cx devices contain a cross-site request forgery vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). D-Link DIR-600M Rev. Cx is a wireless router product from D-Link. The vulnerability allows remote attackers to build malicious URIs, entice users to open them, and perform malicious actions in the target user's context. Other attacks are also possible. An attacker could exploit this vulnerability to bypass authentication.

Trust: 2.52

sources: NVD: CVE-2017-5874 // JVNDB: JVNDB-2017-002478 // CNVD: CNVD-2017-04424 // BID: 96999 // VULHUB: VHN-114077

IOT TAXONOMY

category: ['IoT', 'Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-04424

AFFECTED PRODUCTS

vendor: d link, model: dir-600m, scope: lte, version: 1.0.1

Trust: 1.0

vendor: d link, model: dir-600m, scope: lt, version: v3.05enb01_beta_20170306

Trust: 0.8

vendor: d link, model: dir-600m, scope: -, version: -

Trust: 0.6

vendor: d link, model: dir-600m, scope: eq, version: 1.0.1

Trust: 0.6

vendor: dlink, model: dir-600m, scope: eq, version: 0

Trust: 0.3

vendor: dlink, model: dir-600m 3.05enb01 beta 20170, scope: ne, version: -

Trust: 0.3

sources: CNVD: CNVD-2017-04424 // BID: 96999 // JVNDB: JVNDB-2017-002478 // CNNVD: CNNVD-201703-1006 // NVD: CVE-2017-5874

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-5874
value: HIGH

Trust: 1.0

NVD: CVE-2017-5874
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-04424
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201703-1006
value: HIGH

Trust: 0.6

VULHUB: VHN-114077
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-5874
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-04424
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-114077
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-5874
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-04424 // VULHUB: VHN-114077 // JVNDB: JVNDB-2017-002478 // CNNVD: CNNVD-201703-1006 // NVD: CVE-2017-5874

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-114077 // JVNDB: JVNDB-2017-002478 // NVD: CVE-2017-5874

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-1006

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201703-1006

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-002478

PATCH

title: DIR-600M Rev. Cx :: CVE-2017-5874 :: CSRF/XSS Vulnerability Security Patch Released
url: http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10072

Trust: 0.8

title: Patch for D-Link DIR-600M Rev. Cx Cross-Site Request Forgery Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/91758

Trust: 0.6

title: D-Link DIR-600M Rev. Cx Fixes for cross-site request forgery vulnerabilities
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=68715

Trust: 0.6

sources: CNVD: CNVD-2017-04424 // JVNDB: JVNDB-2017-002478 // CNNVD: CNNVD-201703-1006

EXTERNAL IDS

db: BID, id: 96999

Trust: 3.4

db: NVD, id: CVE-2017-5874

Trust: 3.4

db: DLINK, id: SAP10072

Trust: 2.6

db: JVNDB, id: JVNDB-2017-002478

Trust: 0.8

db: CNNVD, id: CNNVD-201703-1006

Trust: 0.7

db: CNVD, id: CNVD-2017-04424

Trust: 0.6

db: VULHUB, id: VHN-114077

Trust: 0.1

sources: CNVD: CNVD-2017-04424 // VULHUB: VHN-114077 // BID: 96999 // JVNDB: JVNDB-2017-002478 // CNNVD: CNNVD-201703-1006 // NVD: CVE-2017-5874

REFERENCES

url:http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10072

Trust: 2.6

url:http://www.securityfocus.com/bid/96999

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2017-5874

Trust: 1.4

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5874

Trust: 0.8

url:http://www.securityfocus.com/bid/96999/info

Trust: 0.8

url:http://www.dlink.com/

Trust: 0.3

sources: CNVD: CNVD-2017-04424 // VULHUB: VHN-114077 // BID: 96999 // JVNDB: JVNDB-2017-002478 // CNNVD: CNNVD-201703-1006 // NVD: CVE-2017-5874

CREDITS

AJAY KULAL

Trust: 0.3

sources: BID: 96999

SOURCES

db: CNVD, id: CNVD-2017-04424
db: VULHUB, id: VHN-114077
db: BID, id: 96999
db: JVNDB, id: JVNDB-2017-002478
db: CNNVD, id: CNNVD-201703-1006
db: NVD, id: CVE-2017-5874

LAST UPDATE DATE

2024-11-23T22:42:13.327000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-04424, date: 2017-04-13T00:00:00
db: VULHUB, id: VHN-114077, date: 2017-03-24T00:00:00
db: BID, id: 96999, date: 2017-03-23T00:01:00
db: JVNDB, id: JVNDB-2017-002478, date: 2017-04-17T00:00:00
db: CNNVD, id: CNNVD-201703-1006, date: 2023-04-27T00:00:00
db: NVD, id: CVE-2017-5874, date: 2024-11-21T03:28:35.097

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-04424, date: 2017-04-13T00:00:00
db: VULHUB, id: VHN-114077, date: 2017-03-22T00:00:00
db: BID, id: 96999, date: 2017-03-22T00:00:00
db: JVNDB, id: JVNDB-2017-002478, date: 2017-04-17T00:00:00
db: CNNVD, id: CNNVD-201703-1006, date: 2017-03-23T00:00:00
db: NVD, id: CVE-2017-5874, date: 2017-03-22T05:59:00.160