CVE-2017-5633

HIGH

D-Link DI-524 Firmware - CSRF

Title source: rule

Description

Multiple cross-site request forgery (CSRF) vulnerabilities on the D-Link DI-524 Wireless Router with firmware 9.01 allow remote attackers to (1) change the admin password, (2) reboot the device, or (3) possibly have unspecified other impact via crafted requests to CGI programs.

Exploits (2)

exploitdb WORKING POC
by Felipe Soares de Souza · html, webapps, hardware
https://www.exploit-db.com/exploits/40983

nomisec WORKING POC
by cardangi · poc
https://github.com/cardangi/Exploit-CVE-2017-5633

Scores

CVSS v3 8.0
EPSS 0.0137
EPSS Percentile 80.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (1)
d-link/di-524_firmware 9.01
Published Mar 06, 2017
Tracked Since Feb 18, 2026