High severity8.8NVD Advisory· Published Nov 15, 2017· Updated May 13, 2026

CVE-2017-7851

Description

D-Link DCS-936L devices with firmware before 1.05.07 have an inadequate CSRF protection mechanism that requires the device's IP address to be a substring of the HTTP Referer header.

Affected products

D-Link/Dcs 936l
cpe:2.3:o:d-link:dcs-936l:*:*:*:*:*:*:*:*
Range: <1.05.07

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.qualys.com/2017/03/26/qsa-2017-03-26/qsa-2017-03-26.pdfnvdExploitIssue TrackingThird Party Advisory
ftp2.dlink.com/PRODUCTS/DCS-936L/REVA/BETA/DCS-936L_REVA_RELEASE_NOTES_v1.05.07_EN.pdfnvdIssue TrackingRelease NotesVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000