CVE-2017-5633

Published: Mar 6, 2017Modified: May 13, 2026

8.0

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.1 / Impact: 5.9

Source: NVD

Description

Multiple cross-site request forgery (CSRF) vulnerabilities on the D-Link DI-524 Wireless Router with firmware 9.01 allow remote attackers to (1) change the admin password, (2) reboot the device, or (3) possibly have unspecified other impact via crafted requests to CGI programs.

Affected (1)

Products: D Link: Di 524 Firmware

1 product

Di 524 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
D Link Di 524 Firmware	Version 9.01

Running on/with	Platform Versions
Dlink Di 524	All versions

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

http://seclists.org/fulldisclosure/2017/Feb/70

Source: cve@mitre.org

ExploitProductThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/96475

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2017/Feb/70

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitProductThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/96475

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.