CVE-2012-5319
Published: 2012-10-08
Priority P4 32 · medium · 6.8 (CVSS 2.0)
CVSS vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.07% (60.7th percentile)
Cross-site request forgery (CSRF) vulnerability in setup/security.cgi in D-Link DCS-900, DCS-2000, and DCS-5300 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the rootpass parameter.
No detection rules found.
Exploit-DB
D-Link DCS - 'security.cgi' Cross-Site Request Forgery
exploitdb·2012-02-23
---
source: https://www.securityfocus.com/bid/52134/info
The D-Link DCS-900, DCS-2000, and DCS-5300 are prone to a cross-site request-forgery vulnerability.
Successful exploits may allow attackers to run privileged commands on the affected device, change configuration, cause denial-of-service conditions, or inject arbitrary script code. Other attacks are also possible.
This issue affects D-Link DCS-900, DCS-2000, and DCS-5300.
Exploit-DB
D-Link DCS Series - Cross-Site Request Forgery (Change Admin Password)
exploitdb·2012-02-22
---
Title: Dlink DCS series CSRF Change Admin Password
Version: DCS-900, DCS-2000, DCS-5300 and possibly others.
Date: 2012-02-22
Author: rigan - imrigan [sobachka] gmail.com
--
Description:
D-Link DCS is a series of network cameras. These cameras use a web interface which is prone to CSRF vulnerabilities. This flaw allows an attacker to change the administrator password.
--
Exploit:
--
No writeups or analysis indexed.