var-201703-0520
Vulnerability from variot
CSRF exists on D-Link DIR-600M Rev. Cx devices before v3.05ENB01_beta_20170306. This can be used to bypass authentication and insert XSS sequences or possibly have unspecified other impact. Cx The device contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. D-LinkDIR-600MRev.Cx is a wireless router product from D-Link. D-LinkDIR-600MRev.Cx has a cross-site request forgery vulnerability. Allows remote attackers to build malicious URIs, entice users to resolve, and perform malicious actions in the target user context. Other attacks are also possible. An attacker could exploit this vulnerability to bypass authentication
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201703-0520",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-600m",
"scope": "lte",
"trust": 1.0,
"vendor": "d link",
"version": "1.0.1"
},
{
"model": "dir-600m",
"scope": "lt",
"trust": 0.8,
"vendor": "d link",
"version": "v3.05enb01_beta_20170306"
},
{
"model": "dir-600m",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "dir-600m",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.0.1"
},
{
"model": "dir-600m",
"scope": "eq",
"trust": 0.3,
"vendor": "dlink",
"version": "0"
},
{
"model": "dir-600m 3.05enb01 beta 20170",
"scope": "ne",
"trust": 0.3,
"vendor": "dlink",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04424"
},
{
"db": "BID",
"id": "96999"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002478"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1006"
},
{
"db": "NVD",
"id": "CVE-2017-5874"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:d-link:dir-600m_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002478"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AJAY KULAL",
"sources": [
{
"db": "BID",
"id": "96999"
}
],
"trust": 0.3
},
"cve": "CVE-2017-5874",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-5874",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-04424",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-114077",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2017-5874",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-5874",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-5874",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-04424",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-1006",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-114077",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04424"
},
{
"db": "VULHUB",
"id": "VHN-114077"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002478"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1006"
},
{
"db": "NVD",
"id": "CVE-2017-5874"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CSRF exists on D-Link DIR-600M Rev. Cx devices before v3.05ENB01_beta_20170306. This can be used to bypass authentication and insert XSS sequences or possibly have unspecified other impact. Cx The device contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. D-LinkDIR-600MRev.Cx is a wireless router product from D-Link. D-LinkDIR-600MRev.Cx has a cross-site request forgery vulnerability. Allows remote attackers to build malicious URIs, entice users to resolve, and perform malicious actions in the target user context. Other attacks are also possible. An attacker could exploit this vulnerability to bypass authentication",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5874"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002478"
},
{
"db": "CNVD",
"id": "CNVD-2017-04424"
},
{
"db": "BID",
"id": "96999"
},
{
"db": "VULHUB",
"id": "VHN-114077"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "96999",
"trust": 3.4
},
{
"db": "NVD",
"id": "CVE-2017-5874",
"trust": 3.4
},
{
"db": "DLINK",
"id": "SAP10072",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002478",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1006",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-04424",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-114077",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04424"
},
{
"db": "VULHUB",
"id": "VHN-114077"
},
{
"db": "BID",
"id": "96999"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002478"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1006"
},
{
"db": "NVD",
"id": "CVE-2017-5874"
}
]
},
"id": "VAR-201703-0520",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04424"
},
{
"db": "VULHUB",
"id": "VHN-114077"
}
],
"trust": 1.3199999999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04424"
}
]
},
"last_update_date": "2024-11-23T22:42:13.327000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DIR-600M Rev. Cx :: CVE-2017-5874 :: CSRF/XSS Vulnerability Security Patch Released",
"trust": 0.8,
"url": "http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10072"
},
{
"title": "Patch for D-LinkDIR-600MRev.Cx Cross-Site Request Forgery Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/91758"
},
{
"title": "D-Link DIR-600M Rev. Cx Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=68715"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04424"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002478"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1006"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114077"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002478"
},
{
"db": "NVD",
"id": "CVE-2017-5874"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10072"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/96999"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5874"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5874"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/96999/info"
},
{
"trust": 0.3,
"url": "http://www.dlink.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04424"
},
{
"db": "VULHUB",
"id": "VHN-114077"
},
{
"db": "BID",
"id": "96999"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002478"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1006"
},
{
"db": "NVD",
"id": "CVE-2017-5874"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-04424"
},
{
"db": "VULHUB",
"id": "VHN-114077"
},
{
"db": "BID",
"id": "96999"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002478"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1006"
},
{
"db": "NVD",
"id": "CVE-2017-5874"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04424"
},
{
"date": "2017-03-22T00:00:00",
"db": "VULHUB",
"id": "VHN-114077"
},
{
"date": "2017-03-22T00:00:00",
"db": "BID",
"id": "96999"
},
{
"date": "2017-04-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002478"
},
{
"date": "2017-03-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1006"
},
{
"date": "2017-03-22T05:59:00.160000",
"db": "NVD",
"id": "CVE-2017-5874"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04424"
},
{
"date": "2017-03-24T00:00:00",
"db": "VULHUB",
"id": "VHN-114077"
},
{
"date": "2017-03-23T00:01:00",
"db": "BID",
"id": "96999"
},
{
"date": "2017-04-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002478"
},
{
"date": "2023-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1006"
},
{
"date": "2024-11-21T03:28:35.097000",
"db": "NVD",
"id": "CVE-2017-5874"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1006"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DIR-600M Rev. Cx Cross-Site Request Forgery Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04424"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1006"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1006"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.