CVE-2017-7851
N/A
N/A
Summary
D-Link DCS-936L devices with firmware before 1.05.07 have an inadequate CSRF protection mechanism that requires the device's IP address to be a substring of the HTTP Referer header.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- ftp://ftp2.dlink.com/PRODUCTS/DCS-936L/REVA/BETA/DCS-936L_REVA_RELEASE_NOTES_v1.05.07_EN.pdf
- https://www.qualys.com/2017/03/26/qsa-2017-03-26/qsa-2017-03-26.pdf
References
- ftp://ftp2.dlink.com/PRODUCTS/DCS-936L/REVA/BETA/DCS-936L_REVA_RELEASE_NOTES_v1.05.07_EN.pdf
- https://www.qualys.com/2017/03/26/qsa-2017-03-26/qsa-2017-03-26.pdf
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.