cpe:/o:dlink:dcs-1130_firmware:- CVE-2017-8407 2019-07-02T15:15:10.493-04:00 2019-07-09T10:49:08.857-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2019-07-05T12:14:37.120-04:00 BUGTRAQ 20190609 Newly releases IoT security issues MISC http://packetstormsecurity.com/files/153226/Dlink-DCS-1130-Command-Injection-CSRF-Stack-Overflow.html MISC https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Dlink_DCS_1130_security.pdf An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of changing the administrative password for the web management interface. It seems that the device does not implement any cross-site request forgery protection mechanism which allows an attacker to trick a user who is logged in to the web management interface to change the user's password.