CVE-2014-100005
Published: 13 January 2015
Summary
CVE-2014-100005 is a high-severity CSRF (CWE-352) vulnerability in D-Link DIR-600 firmware. Its CVSS base score is 8.0 (High).
Operationally, it is ranked in the top 2.3% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2014-100005 identifies multiple cross-site request forgery vulnerabilities in the D-Link DIR-600 router revision Bx running firmware versions prior to 2.17b02. These flaws, tracked under CWE-352, affect the hedwig.cgi, pigwidgeon.cgi, and diagnostic.php components and permit unauthorized administrative actions via crafted requests.
An attacker positioned on the adjacent network can exploit the issues to hijack an authenticated administrator session, resulting in creation of new administrator accounts, enabling of remote management, activation of arbitrary configuration changes through SETCFG,SAVE,ACTIVATE sequences, or execution of ping commands. The CVSS 3.1 base score of 8.0 reflects the combination of low attack complexity and high impact on confidentiality, integrity, and availability.
D-Link security advisory SAP10018 and related Secunia publications direct users to apply firmware 2.17b02 or newer, which resolves the CSRF exposure in the affected configuration and diagnostic modules. No public evidence of in-the-wild exploitation is referenced in the available advisories.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2014-1036
Vulnerability details
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php.
- CWE(s): CWE-352
- KEV date added: 16 May 2024
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): Directly enforces that administrative actions on hedwig.cgi, pigwidgeon.cgi and diagnostic.php can only be performed by properly authenticated and authorized requests, blocking the forged CSRF requests.
- SI-10 (Information Input Validation): Requires validation of all inputs to the affected CGIs so that requests lacking valid origin or anti-CSRF tokens are rejected before any configuration or diagnostic action is executed.
- Firmware update: Mandates timely application of the vendor firmware 2.17b02 that removes the CSRF flaws in the configuration and diagnostic modules.
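The two controls above amount to a concrete request-handling rule: a state-changing request to one of the named endpoints must carry an authenticated session, must originate from the router's own management UI, and must present a per-session anti-CSRF token. The following is an added example of that check, written here for illustration; it is not D-Link firmware code and not from the advisory. The management origin (192.168.0.1), the session store, the `csrf_token` form field and the `ACTIONS` form parameter are assumptions; only the endpoint names and the SETCFG,SAVE,ACTIVATE action come from the advisory text. The sample requests are constructed.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Hypothetical origin of the router's management UI (an assumption, not from the advisory).
ALLOWED_ORIGINS = {"http://192.168.0.1"}

# Endpoints named in the advisory that change state and therefore need CSRF protection.
STATE_CHANGING_ENDPOINTS = {"/hedwig.cgi", "/pigwidgeon.cgi", "/diagnostic.php"}


def issue_csrf_token(server_key, session_id):
    """Derive a per-session anti-CSRF token as HMAC-SHA256(server_key, session_id).

    A third-party page cannot read the victim's session cookie, so it cannot
    compute this token and its forged form submission fails the token check."""
    return hmac.new(server_key, session_id.encode(), hashlib.sha256).hexdigest()


def _request_origin(headers):
    """Return scheme://host[:port] from Origin, falling back to Referer, else None."""
    origin = headers.get("Origin")
    if origin:
        return origin.rstrip("/")
    referer = headers.get("Referer")
    if referer:
        parts = urlsplit(referer)
        if parts.scheme and parts.netloc:
            return f"{parts.scheme}://{parts.netloc}"
    return None


def authorize_request(path, headers, form, session_id, server_key, sessions):
    """Decide whether a request to a state-changing endpoint may execute.

    Returns (allowed, reason). Order matters: the cheap session and origin
    checks run before any form data is trusted (SI-10), and nothing is
    executed unless all checks pass (AC-3)."""
    if path not in STATE_CHANGING_ENDPOINTS:
        return True, "not a state-changing endpoint"
    # AC-3: an authenticated admin session is required.
    if session_id not in sessions:
        return False, "no authenticated session"
    # SI-10: the browser-supplied origin must be the management UI itself.
    origin = _request_origin(headers)
    if origin is None:
        return False, "missing Origin/Referer"
    if origin not in ALLOWED_ORIGINS:
        return False, f"cross-site origin {origin}"
    # SI-10: the form must carry the session-bound token; compare in constant time.
    expected = issue_csrf_token(server_key, session_id)
    supplied = str(form.get("csrf_token", ""))
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return False, "missing or invalid CSRF token"
    return True, "ok"


def demo():
    """Run constructed requests through the check and return the verdicts by name."""
    server_key = secrets.token_bytes(32)           # per-device secret, assumed
    sessions = {"sess-admin"}                      # logged-in admin session, assumed
    token = issue_csrf_token(server_key, "sess-admin")
    activate = {"ACTIONS": "SETCFG,SAVE,ACTIVATE"}  # form key name is an assumption
    cases = {
        # Legitimate submission from the management UI with the session token.
        "legit": ("/pigwidgeon.cgi", {"Origin": "http://192.168.0.1"},
                  dict(activate, csrf_token=token), "sess-admin"),
        # Same-site request that omits the token: still rejected.
        "no_token": ("/pigwidgeon.cgi", {"Origin": "http://192.168.0.1"},
                     dict(activate), "sess-admin"),
        # Auto-submitted form from a third-party page riding the admin's session.
        "cross_site": ("/hedwig.cgi", {"Origin": "http://third-party.example"},
                       dict(activate, csrf_token="guess"), "sess-admin"),
        # Request with neither Origin nor Referer: treated as untrusted.
        "no_origin": ("/diagnostic.php", {}, {"ping": "1", "csrf_token": token}, "sess-admin"),
        # Request with no valid session at all.
        "no_session": ("/hedwig.cgi", {"Origin": "http://192.168.0.1"},
                       dict(activate, csrf_token=token), "sess-unknown"),
    }
    return {name: authorize_request(path, hdrs, form, sid, server_key, sessions)
            for name, (path, hdrs, form, sid) in cases.items()}


if __name__ == "__main__":
    for name, (allowed, reason) in demo().items():
        print(f"{name:11s} allowed={allowed} ({reason})")
```

The origin check alone is not sufficient (older clients may omit Origin, and a Referer can be suppressed), and the token alone is not sufficient if the token can leak; the two checks together, gated on an authenticated session, are what the AC-3 and SI-10 mappings above describe. On a device that cannot be patched to 2.17b02, the compensating control is to keep the management UI reachable only from trusted hosts, since every check here still relies on the administrator's browser not being steered to a hostile page.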