Cyber Resilience

CVE-2014-100005

Severity: High · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC

Published: 13 January 2015
Modified: 22 April 2026
KEV added: 16 May 2024
Patch: firmware 2.17b02 or newer (D-Link advisory SAP10018)
CVSS v3.1: 8.0 (High), vector CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.4531 (97.7th percentile)
Risk priority: 63 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2014-100005 is a high-severity cross-site request forgery (CSRF, CWE-352) vulnerability in D-Link DIR-600 router firmware. Its CVSS v3.1 base score is 8.0 (High).

Operationally, it ranks in the top 2.3% of CVEs by exploit likelihood (EPSS 0.4531, 97.7th percentile); CISA has added it to the Known Exploited Vulnerabilities catalog; and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2014-100005 covers multiple cross-site request forgery vulnerabilities in the D-Link DIR-600 router, hardware revision Bx, running firmware versions before 2.17b02. The flaws, tracked under CWE-352, affect the hedwig.cgi, pigwidgeon.cgi and diagnostic.php components, which act on requests that carry the administrator's session cookie without checking where the request came from.

An attacker who can get an administrator's browser to load a crafted page while that browser holds an authenticated session on the router (for example through a link or an auto-submitting form) can ride that session to create a new administrator account, enable remote management, activate arbitrary configuration changes through a SETCFG,SAVE,ACTIVATE sequence to pigwidgeon.cgi, or issue ping commands through diagnostic.php. The attacker does not need to be on the victim's network; the CVSS vector rates the attack vector as adjacent (AV:A) because the management interface is normally reachable only from the LAN, where the victim's browser sits. The base score of 8.0 reflects low attack complexity combined with high impact on confidentiality, integrity and availability.

D-Link security advisory SAP10018 and the related Secunia publications direct users to apply firmware 2.17b02 or newer, which resolves the CSRF exposure in the affected configuration and diagnostic modules. The vendor advisories themselves do not reference in-the-wild exploitation; CISA's addition of the CVE to the KEV catalog on 16 May 2024, however, indicates that exploitation has since been observed, so unpatched DIR-600 units should be treated as actively targeted.

Vulnerability details

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php.

CWE(s): CWE-352 (Cross-Site Request Forgery)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

dlink dir-600 firmware, versions ≤ 2.16ww (hardware rev. Bx; fixed in 2.17b02)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

AC-3 Access Enforcement (prevent): Directly enforces that administrative actions on hedwig.cgi, pigwidgeon.cgi and diagnostic.php can only be performed by properly authenticated and authorized requests, blocking the forged CSRF requests.

SI-10 Information Input Validation (prevent): Requires validation of all inputs to the affected CGIs so that requests lacking a valid origin or anti-CSRF token are rejected before any configuration or diagnostic action is executed.

Flaw remediation (prevent): Mandates timely application of vendor firmware 2.17b02, which removes the CSRF flaws in the configuration and diagnostic modules.

Of these, only the firmware update is something the router's owner can apply; the access-enforcement and input-validation controls describe what the vendor's fix has to implement inside the CGIs (an origin check and a per-session anti-CSRF token on every state-changing request). Until the update is installed, keeping remote management disabled and logging out of the admin interface rather than leaving a session open reduces the window in which a forged request can succeed.
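The model below, written for this page and not taken from D-Link firmware or from the advisory, shows what the AC-3 and SI-10 controls above mean in code for the CGIs named in the vulnerability details: a handler that trusts the session cookie alone (the pre-2.17b02 behaviour the advisory describes) next to a hardened handler that also checks the request's Origin/Referer and a per-session anti-CSRF token. The CGI paths and the SETCFG,SAVE,ACTIVATE and ping actions are from the advisory text; the parameter names (`ACTIONS`, `act`, `remote_mgmt`, `csrf_token`), the router address 192.168.0.1 and the session handling are assumptions made for the example.

```python
# Constructed model of the DIR-600 CSRF exposure and of the origin/token checks
# a fix needs. Illustrative code for this page, not D-Link firmware: the CGI
# paths and action names come from the advisory; parameter names, router
# address and session handling are assumptions.
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit

ROUTER_ORIGIN = "http://192.168.0.1"  # assumed LAN address of the router


@dataclass
class Request:
    path: str
    headers: dict  # e.g. {"Origin": "...", "Cookie": "sid=..."}
    body: str      # application/x-www-form-urlencoded


@dataclass
class Router:
    admins: set = field(default_factory=lambda: {"admin"})
    remote_mgmt: bool = False
    sessions: dict = field(default_factory=dict)  # sid -> anti-CSRF token

    def login(self) -> str:
        """Admin logs in; the browser replays this cookie on every later request."""
        sid = secrets.token_hex(16)
        self.sessions[sid] = secrets.token_hex(16)
        return sid

    def session_of(self, req: Request):
        pairs = (p.split("=", 1) for p in req.headers.get("Cookie", "").split("; ") if "=" in p)
        sid = dict(pairs).get("sid")
        return sid if sid in self.sessions else None

    def apply(self, req: Request, params: dict) -> str:
        """The privileged action itself; both handlers reach this once they accept a request."""
        if req.path == "/hedwig.cgi" and params.get("remote_mgmt") == "on":
            self.remote_mgmt = True
            return "remote management enabled"
        if req.path == "/hedwig.cgi" and "new_admin" in params:
            self.admins.add(params["new_admin"])
            return "administrator created"
        if req.path == "/pigwidgeon.cgi" and params.get("ACTIONS") == "SETCFG,SAVE,ACTIVATE":
            return "configuration activated"
        if req.path == "/diagnostic.php" and params.get("act") == "ping":
            return "ping sent to " + params.get("dst", "")
        return "no-op"


def handle_vulnerable(router: Router, req: Request) -> tuple:
    """Pre-2.17b02 behaviour: a valid session cookie is the only check, so a request
    forged by another site (sent by the browser with the admin's cookie) is executed."""
    if router.session_of(req) is None:
        return 401, "login required"
    params = {k: v[0] for k, v in parse_qs(req.body).items()}
    return 200, router.apply(req, params)


def handle_hardened(router: Router, req: Request) -> tuple:
    """Origin/Referer check plus per-session anti-CSRF token (AC-3 / SI-10 in practice)."""
    sid = router.session_of(req)
    if sid is None:
        return 401, "login required"
    # 1. Source check: browsers set Origin on cross-site POSTs; fall back to
    #    Referer, and reject when neither is present rather than guessing.
    src = req.headers.get("Origin") or req.headers.get("Referer")
    if not src:
        return 403, "missing Origin/Referer"
    u = urlsplit(src)
    if f"{u.scheme}://{u.netloc}" != ROUTER_ORIGIN:
        return 403, "cross-site request rejected"
    # 2. Token check: the token is embedded in the router's own page, not in the
    #    cookie, so a forging site cannot read or replay it; constant-time compare.
    params = {k: v[0] for k, v in parse_qs(req.body).items()}
    if not hmac.compare_digest(params.get("csrf_token", ""), router.sessions[sid]):
        return 403, "bad anti-CSRF token"
    return 200, router.apply(req, params)


def simulate() -> dict:
    """Replay one forged and one legitimate request against each handler."""
    results = {}
    for name, handler in (("vulnerable", handle_vulnerable), ("hardened", handle_hardened)):
        router = Router()
        sid = router.login()
        cookie = f"sid={sid}"
        # Forged: auto-submitting form on an attacker page. The browser attaches the
        # router cookie, but Origin is the attacker's site and no token is known.
        forged = Request("/hedwig.cgi",
                         {"Origin": "http://attacker.example", "Cookie": cookie},
                         "remote_mgmt=on")
        # Legitimate: submitted from the router's own admin page with its token.
        legit = Request("/pigwidgeon.cgi",
                        {"Origin": ROUTER_ORIGIN, "Cookie": cookie},
                        f"ACTIONS=SETCFG,SAVE,ACTIVATE&csrf_token={router.sessions[sid]}")
        results[name] = {"forged": handler(router, forged),
                         "legit": handler(router, legit),
                         "remote_mgmt_after": router.remote_mgmt}
    return results


if __name__ == "__main__":
    for name, outcome in simulate().items():
        print(name, outcome)
```

Running `simulate()` shows the forged request enabling remote management through the vulnerable handler and being refused with 403 by the hardened one, while the legitimate SETCFG,SAVE,ACTIVATE request succeeds against both. The two checks are combined deliberately: an Origin/Referer check alone fails open on clients or proxies that strip those headers, and a token alone does nothing if the firmware ever echoes it into a cookie, so the hardened handler rejects a request that fails either test.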
