D-Link DCS-936L devices with firmware before 1.05.07 have an inadequate CSRF protection mechanism that requires the device's IP address to be a substring of the HTTP Referer header.
2017-11-15T08:29:00.577
2025-04-20T01:37:25.860
Deferred
CVSSv3.0: 8.8 (HIGH)
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.6
6.4
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Operating System | d-link | dcs-936l | < 1.05.07 | Yes |
Hardware | dlink | dcs-936l | - | No |