CVE-2015-2048

CWE-352 — Cross-Site Request Forgery (CSRF)7 documents5 sources

Severity

6.8MEDIUM

EPSS

0.1%

top 79.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dlink Dcs-931l Firmware

Timeline

PublishedFeb 23

Latest updateMay 17

Description

Cross-site request forgery (CSRF) vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDdlink/dcs-931l_firmware1.04

🔴Vulnerability Details

GHSA

GHSA-36h4-8mh8-f386: Cross-site request forgery (CSRF) vulnerability in D-Link DCS-931L with firmware 1↗2022-05-17

▶

OSV

libssh vulnerabilities↗2016-02-23

▶

CVEList

CVE-2015-2048: Cross-site request forgery (CSRF) vulnerability in D-Link DCS-931L with firmware 1↗2015-02-23

▶

💥Exploits & PoCs

Exploit-DB

Hak5 WiFi Pineapple 2.4 - Preconfiguration Command Injection (Metasploit)↗2016-10-20

▶

Exploit-DB

glibc - 'getaddrinfo' Stack Buffer Overflow (PoC)↗2016-02-16

▶

Exploit-DB

ElasticSearch < 1.4.5 / < 1.5.2 - Directory Traversal↗2015-05-18

▶