CVE-2012-5319

D-Link DCS-2000, DCS-5300, and DCS-900 - Cross-Site Request Forgery via rootpass Parameter

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-5319. PoCs published by Rigan Iimrigan, rigan.

AI-analyzed exploit summary: This HTML-based PoC demonstrates a CSRF vulnerability in D-Link DCS-900, DCS-2000, and DCS-5300 devices. It automates a POST request to change the root password via a malicious form submission.

Description

Cross-site request forgery (CSRF) vulnerability in setup/security.cgi in D-Link DCS-900, DCS-2000, and DCS-5300 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the rootpass parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Rigan Iimrigan · html · remote · hardware
https://www.exploit-db.com/exploits/36877

This HTML-based PoC demonstrates a CSRF vulnerability in D-Link DCS-900, DCS-2000, and DCS-5300 devices. It automates a POST request to change the root password via a malicious form submission.

Classification: Working PoC (90%)
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: D-Link DCS-900, DCS-2000, DCS-5300
No auth needed
Prerequisites: Victim must visit the malicious HTML page while authenticated to the target device
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC
by rigan · html · webapps · hardware
https://www.exploit-db.com/exploits/18509

This exploit demonstrates a CSRF vulnerability in D-Link DCS series network cameras, allowing an attacker to change the administrator password via a malicious HTML form submission.

Classification: Working PoC (90%)
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: D-Link DCS-900, DCS-2000, DCS-5300 and possibly other models
No auth needed
Prerequisites: Victim must visit a malicious webpage while authenticated to the camera's web interface
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References (2)
Exploit (exploit, x_refsource_exploit-db): http://www.exploit-db.com/exploits/18509
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/73387

Scores

EPSS: 0.0107
EPSS Percentile: 60.5%

Details

CWE: CWE-352
Status: published
Products (3):
dlink/dcs-2000
dlink/dcs-5300
dlink/dcs-900
Published: Oct 08, 2012
Tracked Since: Feb 18, 2026