
CVE ID: CVE-2014-100005
Description: Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php.
Test IDs: 1.3.6.1.4.1.25623.1.0.103691  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2014-100005
http://resources.infosecinstitute.com/csrf-unauthorized-remote-admin-access/
http://secunia.com/advisories/57304
XForce ISS Database: dir600-settings-csrf(91794)
https://exchange.xforce.ibmcloud.com/vulnerabilities/91794



