Unrated severityNVD Advisory· Published Nov 18, 2015· Updated May 6, 2026

CVE-2015-5999

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) change the network policy, or (3) possibly have other unspecified impact via crafted requests to hedwig.cgi and pigwidgeon.cgi.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/134379/D-Link-DIR-816L-Cross-Site-Request-Forgery.htmlnvdExploit
seclists.org/fulldisclosure/2015/Nov/45nvdExploit
ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-816L/DIR-816L_REVB_FIRMWARE_PATCH_NOTES_2.06.B09_BETA_EN.PDFnvd
www.securityfocus.com/archive/1/536886/100/0/threadednvd
www.securityfocus.com/bid/77588nvd
www.exploit-db.com/exploits/38707/nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.012
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000