D-Link DIR865L routers contain multiple cross-site request forgery (CSRF) vulnerabilities in all HTML forms present in the 1.03 firmware. These CSRF vulnerabilities may allow an attacker to take complete control of the affected device, provided that the target user has an active management session with the router. Exploitation may take place by convincing a target to click a malicious link or browse to a malicious website, or through a compromised network over which a man-in-the-middle attack may be performed.
D-Link DIR865L router (firmware version 1.03 and earlier)
BeyondTrust Prevention and Detection:
BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.
- 19012 - D-Link DIR-865L Cross-Site Request Forgery
Update DIR865L firmware to v1.05b07.