CVE-2014-3136

HIGH

D-Link DWR-113 Firmware < 2.03b02 - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-3136. PoCs published by Blessen Thomas.

AI-analyzed exploit summary This exploit demonstrates a CSRF vulnerability in D-Link DWR-113 routers, allowing an attacker to reboot the device and cause a denial of service by tricking an authenticated admin into submitting a malicious form.

Description

Cross-site request forgery (CSRF) vulnerability in D-Link DWR-113 (Rev. Ax) with firmware before 2.03b02 allows remote attackers to hijack the authentication of administrators for requests that change the admin password via unspecified vectors.

Exploits (1)

exploitdb WORKING POC
by Blessen Thomas · textdoshardware
https://www.exploit-db.com/exploits/34203

This exploit demonstrates a CSRF vulnerability in D-Link DWR-113 routers, allowing an attacker to reboot the device and cause a denial of service by tricking an authenticated admin into submitting a malicious form.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: D-Link DWR-113 Rev. Ax with firmware v2.02 2013-03-13
Auth required
Prerequisites: Admin user must be logged into the router's web interface · Attacker must trick the admin into visiting the malicious HTML page
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
https://www.securityfocus.com/bid/68967
Third Party Advisory, VDB Entry x_refsource_misc
https://packetstormsecurity.com/files/cve/CVE-2014-3136
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/95022

Scores

CVSS v3 8.8
EPSS 0.0289
EPSS Percentile 85.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (1)
dlink/dwr-113_firmware < 2.03b02
Published Dec 27, 2019
Tracked Since Feb 18, 2026