CVE-2012-5319

D-Link - CSRF

Title source: llm

Description

Cross-site request forgery (CSRF) vulnerability in setup/security.cgi in D-Link DCS-900, DCS-2000, and DCS-5300 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the rootpass parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Rigan Iimrigan · htmlremotehardware

https://www.exploit-db.com/exploits/36877

View Code ZIP pw:eip

exploitdb WORKING POC

by rigan · htmlwebappshardware

https://www.exploit-db.com/exploits/18509

View Code ZIP pw:eip

References (2)

[Exploit] http://www.exploit-db.com/exploits/18509

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/73387

Scores

EPSS 0.0117

EPSS Percentile 78.7%

Details

CWE

CWE-352

Status published

Products (3)

dlink/dcs-2000

dlink/dcs-5300

dlink/dcs-900

Published Oct 08, 2012

Tracked Since Feb 18, 2026