Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) change the network policy, or (3) possibly have other unspecified impact via crafted requests to hedwig.cgi and pigwidgeon.cgi.
Exploits (1)
exploitdb
WORKING POC
by Bhadresh Patel · textwebappshardware
https://www.exploit-db.com/exploits/38707
References (6)
Core 6
Core References
Exploit mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Nov/45
Exploit x_refsource_misc
http://packetstormsecurity.com/files/134379/D-Link-DIR-816L-Cross-Site-Request-Forgery.html
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/536886/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/77588
Various Sources x_refsource_confirm
ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-816L/DIR-816L_REVB_FIRMWARE_PATCH_NOTES_2.06.B09_BETA_EN.PDF
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/38707/
Scores
EPSS
0.1438
EPSS Percentile
94.4%
Details
CWE
CWE-352
Status
published
Products (1)
dlink/dir-816l_firmware
< 2.05.b02
Published
Nov 18, 2015
Tracked Since
Feb 18, 2026