Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-6411Cross-Site Request Forgery in Dlink Dsl-2730u Firmware

CWE-352Cross-Site Request Forgery5 documents5 sources
Severity
8.8HIGHNVD
EPSS
2.0%
top 16.29%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Dlink Dsl-2730u Firmware
Timeline
PublishedMar 6
Latest updateMay 17

Description

Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_1.00 devices allows remote attackers to change the DNS or firewall configuration or any password.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-f6xq-mw44-h29j: Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_12022-05-17
CVEList
CVE-2017-6411: Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_12017-03-06

💥Exploits & PoCs

1
Exploit-DB
D-Link DSL-2730U Wireless N 150 - Cross-Site Request Forgery2017-03-01

📋Vendor Advisories

1
Chrome
Stable Channel Update for Desktop: CVE-2020-64112020-02-04
CVE-2017-6411 — Cross-Site Request Forgery in Dlink | cvebase