CVE-2014-100005

HIGH · KEV

D-Link DIR-600 Firmware < 2.16ww - Cross-Site Request Forgery via hedwig.cgi, pigwidgeon.cgi, or diagnostic.php

Title source: llm

Exploitation Summary

CVE-2014-100005 is actively exploited and is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added May 16, 2024. EIP tracks one public exploit, the Metasploit module exploits/linux/http/dlink_diagnostic_exec_noauth.

AI-analyzed exploit summary: This Metasploit module exploits a command injection vulnerability in D-Link routers via the diagnostic.php endpoint, allowing unauthenticated RCE on affected devices. It supports both direct command execution and staged payload delivery for MIPS-based systems. Note the mismatch with the CVE itself: the CVE is classified as CSRF (CWE-352) and requires a logged-in administrator's browser to be lured, whereas the module as described needs no authentication and injects commands; the two overlap only in the diagnostic.php ping endpoint, and the module's target list spans several D-Link models, not just the DIR-600. Treat the KEV listing as evidence of in-the-wild attacks against this endpoint family rather than as confirmation that the CSRF path is what the module uses.

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php.

Exploits (1)

metasploit · WORKING POC · EXCELLENT
ruby · poc · unix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/dlink_diagnostic_exec_noauth.rb


Classification
Working PoC: 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: D-Link DIR-645 (prior to 1.03), DIR-815, DIR-300 rev B, DIR-600
Authentication: none required
Prerequisites: Network access to the vulnerable device · wget available on the target (for staged payloads)
Analyzed by devstral-2 on Feb 16, 2026
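The CVE description names three request sinks (hedwig.cgi, pigwidgeon.cgi and diagnostic.php) that a forged request from an administrator's browser can drive, and the exploit entry above describes unauthenticated command injection through the diagnostic.php ping action. The script below is an added example written for this page; it is not code from the page, from D-Link, or from the Metasploit module. It assumes a web access log in a constructed nginx-style combined format with a trailing quoted request-body field, and the form field names in the sample lines (act, dst, ACTIONS) are made up, since the page does not document the device's parameters. It flags two things the page supports: requests to those endpoints whose Referer names a host other than the router (a CSRF indicator, because the victim's browser sends the lure page's origin), and diagnostic.php form values carrying shell metacharacters (a command-injection indicator, checked on every decoded value so no parameter name has to be assumed).

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Endpoints named in the CVE description.
TARGET_ENDPOINTS = ("hedwig.cgi", "pigwidgeon.cgi", "diagnostic.php")
# Characters that let a ping target escape into a shell command line.
SHELL_METACHARS = re.compile(r"[;|&`$\n]")

# Assumed log layout (not from the page): combined format plus a final
# quoted request-body field.
LOG_RE = re.compile(
    r'^(?P<src>\S+) - - \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" \d+ \d+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)" "(?P<body>[^"]*)"$'
)

# Constructed sample lines. Field names (act, dst, ACTIONS) are invented for
# the example; the page does not document the device's form fields.
SAMPLE_LOG = [
    # admin runs a ping from the router's own UI: benign
    '192.168.0.100 - - [16/May/2024:10:00:01 +0000] "POST /diagnostic.php HTTP/1.1" 200 52 '
    '"http://192.168.0.1/diagnostic.php" "Mozilla/5.0" "act=ping&dst=8.8.8.8"',
    # same browser, same request, but driven by an attacker-controlled page
    '192.168.0.100 - - [16/May/2024:10:02:15 +0000] "POST /diagnostic.php HTTP/1.1" 200 52 '
    '"http://attacker.example/lure.html" "Mozilla/5.0" "act=ping&dst=8.8.8.8"',
    # forged configuration module submitted to hedwig.cgi
    '192.168.0.100 - - [16/May/2024:10:02:16 +0000] "POST /hedwig.cgi HTTP/1.1" 200 1203 '
    '"http://attacker.example/lure.html" "Mozilla/5.0" "xml-config-module"',
    # forged SETCFG,SAVE,ACTIVATE against pigwidgeon.cgi
    '192.168.0.100 - - [16/May/2024:10:02:17 +0000] "POST /pigwidgeon.cgi HTTP/1.1" 200 88 '
    '"http://attacker.example/lure.html" "Mozilla/5.0" "ACTIONS=SETCFG%2CSAVE%2CACTIVATE"',
    # direct, unauthenticated request with a shell metacharacter in the ping target
    '203.0.113.7 - - [16/May/2024:11:40:09 +0000] "POST /diagnostic.php HTTP/1.1" 200 52 '
    '"-" "python-requests/2.31" "act=ping&dst=8.8.8.8%3Bid"',
    # unrelated traffic
    '192.168.0.100 - - [16/May/2024:11:41:00 +0000] "GET /index.php HTTP/1.1" 200 3200 '
    '"-" "Mozilla/5.0" "-"',
]


def parse_line(line):
    """Return the log fields as a dict, or None if the line does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def referer_is_foreign(referer, router_hosts):
    """True when a Referer is present and names a host other than the router."""
    if not referer or referer == "-":
        return False  # browsers may omit Referer; absence proves nothing
    return urlsplit(referer).hostname not in router_hosts


def injection_values(query, body):
    """Decoded form values (query string and body) containing shell metacharacters."""
    hits = []
    for field in (query, body):
        if field and field != "-":
            for _, value in parse_qsl(field):
                if SHELL_METACHARS.search(value):
                    hits.append(value)
    return hits


def analyze(lines, router_hosts):
    """Return (kind, endpoint, source_ip, evidence) tuples for suspicious requests."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        url = urlsplit(rec["path"])
        endpoint = url.path.rsplit("/", 1)[-1]
        if endpoint not in TARGET_ENDPOINTS:
            continue
        if referer_is_foreign(rec["referer"], router_hosts):
            findings.append(("csrf-candidate", endpoint, rec["src"], rec["referer"]))
        if endpoint == "diagnostic.php":
            for value in injection_values(url.query, rec["body"]):
                findings.append(("cmd-injection-candidate", endpoint, rec["src"], value))
    return findings


def run_sample():
    """Run the detector over the constructed log with 192.168.0.1 as the router."""
    return analyze(SAMPLE_LOG, {"192.168.0.1"})


if __name__ == "__main__":
    for finding in run_sample():
        print(*finding)
```

On the constructed log this yields three CSRF candidates (one per sink) and one command-injection candidate from the direct request. A missing Referer is deliberately not flagged, because browsers and privacy extensions strip it; correlate such requests with the presence of an admin session cookie instead. The firmware itself is the only real fix, so this is triage logic for a router that can log, not a substitute for updating past the affected versions.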

References (5)

Core References
- http://secunia.com/advisories/57304 (third-party advisory, x_refsource_secunia; link currently broken)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91794 (third-party advisory, VDB entry, x_refsource_xf)

Scores

CVSS v3.1 base score: 8.0
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Adjacent Network
EPSS: 0.4241 (98.5th percentile)

CISA SSVC (Vulnrichment)

Exploitation: active
Automatable: no
Technical Impact: total

Details

CISA KEV: 2024-05-16
VulnCheck KEV: 2024-05-16
InTheWild.io: 2024-05-16
ENISA EUVD: EUVD-2014-1036
CWE: CWE-352 (Cross-Site Request Forgery)
Status: published
Products (1): dlink/dir-600_firmware < 2.16ww
Published: Jan 13, 2015
KEV Added: May 16, 2024
Tracked Since: Feb 18, 2026