Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in D-Link DWR-113 (Rev. Ax) with firmware before 2.03b02 allows remote attackers to hijack the authentication of administrators for requests that change the admin password via unspecified vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dlink | Dwr-113 Firmware | < 2.03b02 |
| Dlink | Dwr-113 | - |
Related Weaknesses (CWE)
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95022Third Party AdvisoryVDB Entry
- https://packetstormsecurity.com/files/cve/CVE-2014-3136Third Party AdvisoryVDB Entry
- https://www.securityfocus.com/bid/68967Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95022Third Party AdvisoryVDB Entry
- https://packetstormsecurity.com/files/cve/CVE-2014-3136Third Party AdvisoryVDB Entry
- https://www.securityfocus.com/bid/68967Third Party AdvisoryVDB Entry
FAQ
What is CVE-2014-3136?
CVE-2014-3136 is a vulnerability with a CVSS score of 8.8 (HIGH). Cross-site request forgery (CSRF) vulnerability in D-Link DWR-113 (Rev. Ax) with firmware before 2.03b02 allows remote attackers to hijack the authentication of administrators for requests that change...
How severe is CVE-2014-3136?
CVE-2014-3136 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3136?
Check the references section above for vendor advisories and patch information. Affected products include: Dlink Dwr-113 Firmware, Dlink Dwr-113.