CVE-2017-5633 Information

Description

Multiple cross-site request forgery (CSRF) vulnerabilities on the D-Link DI-524 Wireless Router with firmware 9.01 allow remote attackers to (1) change the admin password, (2) reboot the device, or (3) possibly have unspecified other impact via crafted requests to CGI programs.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Reference

http://seclists.org/fulldisclosure/2017/Feb/70

http://www.securityfocus.com/bid/96475

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

8.0

Base Severity

HIGH
