CVE-2014-100005 in DIR-60info

Summary

by MITRE

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 04/22/2026

The CVE-2014-100005 vulnerability represents a critical cross-site request forgery flaw affecting D-Link DIR-600 router models with firmware versions prior to 2.17b02. This vulnerability resides within the web-based administrative interface of the router, specifically targeting the hedwig.cgi, pigwidgeon.cgi, and diagnostic.php scripts that handle various configuration and diagnostic functions. The flaw allows remote attackers to manipulate authenticated administrative sessions without requiring valid credentials, creating a significant security risk for network administrators who rely on these devices for network management. The vulnerability is classified under CWE-352, which specifically addresses Cross-Site Request Forgery conditions where web applications fail to validate the origin of requests, making it particularly dangerous in enterprise and home network environments where router administration is frequently performed through web interfaces.

The technical exploitation of this vulnerability occurs through carefully crafted HTTP requests that leverage the router's lack of proper CSRF token validation mechanisms. Attackers can construct malicious web pages or send specially formatted requests that, when executed by an authenticated administrator, will perform unauthorized administrative actions including creating new administrator accounts, enabling remote management capabilities, activating new configurations, or executing diagnostic commands. The vulnerability affects four distinct administrative endpoints within the router's web interface, each representing a different attack vector that could lead to complete network compromise. The hedwig.cgi module allows for account creation and remote management activation, while pigwidgeon.cgi handles configuration activation, and diagnostic.php provides ping functionality that can be exploited for network reconnaissance or denial-of-service attacks. This multi-vector approach increases the potential impact and makes the vulnerability particularly challenging to defend against.

The operational impact of CVE-2014-100005 extends beyond simple unauthorized access to encompass complete network compromise and potential data exfiltration. An attacker who successfully exploits this vulnerability can gain persistent administrative control over the router, potentially enabling them to modify firewall rules, redirect traffic, install malicious firmware, or establish backdoor access points. The ability to create new administrator accounts means that attackers can maintain access even if the original administrative credentials are changed. Furthermore, enabling remote management via the affected configuration module could allow attackers to access the router from external networks, bypassing local security controls. The activation of new configuration settings through the SETCFG,SAVE,ACTIVATE action in pigwidgeon.cgi provides attackers with the capability to modify critical network parameters that could disrupt services or redirect network traffic to malicious destinations. The ping functionality in diagnostic.php, while seemingly benign, could be used for network reconnaissance or to establish command and control channels.

Mitigation strategies for CVE-2014-100005 should prioritize immediate firmware updates from D-Link to address the CSRF validation weaknesses in affected devices. Network administrators should also implement network segmentation to isolate critical router management functions from general network traffic, and deploy web application firewalls or intrusion prevention systems that can detect and block CSRF attack patterns. Additional protective measures include disabling remote management capabilities unless absolutely necessary, implementing strong authentication mechanisms such as two-factor authentication, and regularly monitoring router logs for unauthorized configuration changes. Organizations should also consider implementing network access controls that restrict administrative access to specific IP addresses or ranges, and maintain detailed inventory records of all network devices to quickly identify potentially vulnerable systems. The vulnerability demonstrates the importance of implementing proper input validation and CSRF token mechanisms in web applications, aligning with ATT&CK technique T1078 for valid accounts and T1566 for credential harvesting, while also highlighting the need for secure coding practices that prevent unauthorized privilege escalation through web-based interfaces.

Reservation

01/13/2015

Disclosure

01/13/2015

Moderation

accepted

Entry

VDB-73566

CPE

ready

EPSS

0.42414

KEV

yes

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!