CVE-2013-3095

D-Link DIR865L Firmware < 1.05b07 - Cross-Site Request Forgery via hedwig.cgi or pigwidgeon.cgi

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-3095. PoCs published by Jacob Holcomb.

AI-analyzed exploit summary This HTML-based PoC exploits a CSRF vulnerability in D-Link DIR-865L routers (firmware 1.03) by submitting a crafted form to 'hedwig.cgi' to modify device settings, including admin credentials and HTTP configurations. The exploit uses JavaScript to auto-submit the form and open a secondary page.

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR865L router (Rev. A1) with firmware before 1.05b07 allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrator password or (2) enable remote management via a request to hedwig.cgi or (3) activate configuration changes via a request to pigwidgeon.cgi.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Jacob Holcomb · htmlremotehardware
https://www.exploit-db.com/exploits/38481

This HTML-based PoC exploits a CSRF vulnerability in D-Link DIR-865L routers (firmware 1.03) by submitting a crafted form to 'hedwig.cgi' to modify device settings, including admin credentials and HTTP configurations. The exploit uses JavaScript to auto-submit the form and open a secondary page.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: D-Link DIR-865L firmware version 1.03
No auth needed
Prerequisites: Victim must be authenticated to the router's admin interface · Attacker must trick victim into visiting the malicious HTML page
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/53064

Scores

EPSS 0.0124
EPSS Percentile 65.2%

Details

CWE
CWE-352
Status published
Products (5)
dlink/dir865l
dlink/dir865l_firmware 1.00b24
dlink/dir865l_firmware 1.02
dlink/dir865l_firmware 1.03
dlink/dir865l_firmware < 1.05
Published Nov 20, 2013
Tracked Since Feb 18, 2026