BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

D-Link DIR-865L Cross-Site Request Forgery

Disclosed April 13, 2013    Fully Patched

Vulnerability Description:

D-Link DIR-865L routers contain multiple cross-site request forgery (CSRF) vulnerabilities in all HTML forms present in the 1.03 firmware. These CSRF vulnerabilities may allow an attacker to take complete control of the affected device, provided that the target user has an active management session with the router. Exploitation may take place by convincing a target to click a malicious link or browse to a malicious website, or through a compromised network over which a man-in-the-middle attack may be performed.

Vendors:

D-Link

Vulnerable Software/Devices:

D-Link DIR-865L router (firmware version 1.03 and earlier)

Vulnerability Severity:

Medium

Exploit Availability:

N/A

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.

  • 19012 - D-Link DIR-865L Cross-Site Request Forgery

Mitigation:

Update DIR-865L firmware to v1.05b07.
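
To check a device inventory against the affected and fixed versions stated in this advisory, the following is an added example (not BeyondTrust's or D-Link's code). The `major.minor[bNN]` version string format, the constructed inventory rows, and the assumption that releases after v1.05b07 retain the fix are assumptions; versions between 1.03 and 1.05b07 are reported as unverified because the advisory does not classify them.

```python
import re

# Thresholds come from the advisory text; everything else is an assumption.
LAST_KNOWN_VULNERABLE = "1.03"   # "firmware version 1.03 and earlier"
FIRST_FIXED = "1.05b07"          # "Update DIR-865L firmware to v1.05b07"

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:b(\d+))?$", re.IGNORECASE)

def parse_version(text):
    """Parse 'major.minor[bNN]' (assumed format) into (major, minor, build or None)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    major, minor, build = m.groups()
    return int(major), int(minor), int(build) if build is not None else None

def classify(version_text):
    """Return 'vulnerable', 'patched' or 'unverified' for one firmware string."""
    try:
        major, minor, build = parse_version(version_text)
    except ValueError:
        return "unverified"          # unparseable: needs a manual look
    release = (major, minor)
    fixed_major, fixed_minor, fixed_build = parse_version(FIRST_FIXED)
    if release <= parse_version(LAST_KNOWN_VULNERABLE)[:2]:
        return "vulnerable"
    if release > (fixed_major, fixed_minor):
        return "patched"             # assumption: later releases keep the fix
    if release == (fixed_major, fixed_minor) and build is not None and build >= fixed_build:
        return "patched"
    return "unverified"              # e.g. 1.04, or 1.05 with no/older build tag

# Constructed inventory rows: (device name, model, reported firmware string).
SAMPLE_INVENTORY = [
    ("branch-ap-1", "DIR-865L", "1.02"),
    ("branch-ap-2", "DIR-865L", "1.03"),
    ("branch-ap-3", "DIR-865L", "1.04"),
    ("branch-ap-4", "DIR865L", "v1.05B07"),
    ("branch-ap-5", "DIR-865L", "1.05"),
    ("core-sw-1", "OTHER-MODEL", "1.00"),
]

def triage(inventory):
    """Classify only DIR-865L rows, accepting both spellings of the model name."""
    return {name: classify(fw) for name, model, fw in inventory
            if model.replace("-", "").upper() == "DIR865L"}

if __name__ == "__main__":
    for name, status in triage(SAMPLE_INVENTORY).items():
        print(f"{name}: {status}")
```

Devices reported as unverified should be upgraded or checked by hand rather than treated as safe.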

Links:

CVE(s):

None