CVE-2024-28731 — Cross-Site Request Forgery in Dlink Dwr-2000m Firmware

CWE-352 — Cross-Site Request Forgery3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 44.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dlink Dwr-2000m Firmware

Timeline

PublishedNov 12

Latest updateNov 13

Description

Cross Site Request Forgery vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the Port forwarding option.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

▶NVDdlink/dwr-2000m_firmware1.34me

🔴Vulnerability Details

GHSA

GHSA-g6jr-mgvv-g57x: Cross Site Request Forgery vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1↗2024-11-13

▶

CVEList

CVE-2024-28731: Cross Site Request Forgery vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1↗2024-11-12

▶