CVE-2018-10957

CWE-352Cross-Site Request Forgery (CSRF)4 documents4 sources
Severity
8.8HIGH
EPSS
0.2%
top 54.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Dlink Dir-868l Firmware
Timeline
PublishedMay 10
Latest updateMay 14

Description

CSRF exists on D-Link DIR-868L devices, leading to (for example) a change to the Admin password. hedwig.cgi and pigwidgeon.cgi are two of the affected components.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

3
GHSA
GHSA-5ggv-73xh-p6pm: CSRF exists on D-Link DIR-868L devices, leading to (for example) a change to the Admin password2022-05-14
CVEList
CVE-2018-10957: CSRF exists on D-Link DIR-868L devices, leading to (for example) a change to the Admin password2018-05-10
VulnCheck
D-Link dir-868l_firmware Cross-Site Request Forgery (CSRF)2018
CVE-2018-10957 (HIGH CVSS 8.8) | CSRF exists on D-Link DIR-868L devi | cvebase.io