CVE-2019-16326
Severity: HIGH
WAF: Low
CVSS: 8.8
Published: 2019-12-26
CWE-352
D-Link DIR-601 B1 2.00NA devices are vulnerable to CSRF because no anti-CSRF token is implemented. A remote attacker could exploit this in conjunction with CVE-2019-16327 to enable remote router management and compromise the device. NOTE: this is an end-of-life product.
WAF Coverage Analysis
Cross-Site Request Forgery (CSRF)
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| dlink | dir-601_firmware | 2.00na |
References
- 0x62626262.wordpress.com (Exploit, Third Party Advisory)