CVE-2019-16326

CWE-352 — Cross-Site Request Forgery (CSRF)3 documents3 sources

Severity

8.8HIGH

EPSS

0.4%

top 36.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dlink Dir-601 Firmware

Timeline

PublishedDec 26

Latest updateMay 24

Description

D-Link DIR-601 B1 2.00NA devices have CSRF because no anti-CSRF token is implemented. A remote attacker could exploit this in conjunction with CVE-2019-16327 to enable remote router management and device compromise. NOTE: this is an end-of-life product.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDdlink/dir-601_firmware2.00na

🔴Vulnerability Details

GHSA

GHSA-pvc6-vfc9-wpjv: D-Link DIR-601 B1 2↗2022-05-24

▶

CVEList

CVE-2019-16326: D-Link DIR-601 B1 2↗2019-12-26

▶