INITIALIZING
📧 info@ciso.sa | 📱 +966550939344 | Riyadh, Kingdom of Saudi Arabia
About FAQ Contact Us Terms of Service Privacy Policy 🌐 العربية
🔐

Welcome — Sign in or create an account for full access.

🔑 Sign In ✨ Register
🌐 العربية Sign In Create Account
🔧 Scheduled Maintenance — Saturday 2:00-4:00 AM AST. Some features may be temporarily unavailable.    ●   
💎
Pro Plan 50% Off Unlock all AI features, unlimited reports, and priority support. Upgrade
Search Center
ESC to close
navigate open Ctrl+K search
CISO Consulting
Global vulnerability Enterprise Software and Database Management CRITICAL 21m Global vulnerability Information Technology CRITICAL 54m Global malware Financial Services HIGH 1h Global vulnerability Technology/Software CRITICAL 1h Global vulnerability Information Technology HIGH 2h Global data_breach Government CRITICAL 11h Global ransomware Financial Services / Cybersecurity CRITICAL 11h Global vulnerability Information Technology / Cybersecurity CRITICAL 13h Global malware Energy and Utilities CRITICAL 14h Global ransomware Multiple sectors CRITICAL 14h Global vulnerability Enterprise Software and Database Management CRITICAL 21m Global vulnerability Information Technology CRITICAL 54m Global malware Financial Services HIGH 1h Global vulnerability Technology/Software CRITICAL 1h Global vulnerability Information Technology HIGH 2h Global data_breach Government CRITICAL 11h Global ransomware Financial Services / Cybersecurity CRITICAL 11h Global vulnerability Information Technology / Cybersecurity CRITICAL 13h Global malware Energy and Utilities CRITICAL 14h Global ransomware Multiple sectors CRITICAL 14h Global vulnerability Enterprise Software and Database Management CRITICAL 21m Global vulnerability Information Technology CRITICAL 54m Global malware Financial Services HIGH 1h Global vulnerability Technology/Software CRITICAL 1h Global vulnerability Information Technology HIGH 2h Global data_breach Government CRITICAL 11h Global ransomware Financial Services / Cybersecurity CRITICAL 11h Global vulnerability Information Technology / Cybersecurity CRITICAL 13h Global malware Energy and Utilities CRITICAL 14h Global ransomware Multiple sectors CRITICAL 14h
Vulnerabilities

CVE-2014-100005

Critical 🇺🇸 CISA KEV ⚡ Exploit Available
D-Link DIR-600 Router CSRF Vulnerability Enables Unauthorized Configuration Changes
Published: May 16, 2024  ·  Source: CISA_KEV
CVSS v3
9.0
🔗 NVD Official
📄 Description (English)

D-Link DIR-600 Router Cross-Site Request Forgery (CSRF) Vulnerability — D-Link DIR-600 routers contain a cross-site request forgery (CSRF) vulnerability that allows an attacker to change router configurations by hijacking an existing administrator session.

🤖 AI Executive Summary

D-Link DIR-600 routers contain a critical CSRF vulnerability (CVE-2014-100005, CVSS 9.0) allowing attackers to hijack administrator sessions and modify router configurations without authorization. Active exploits exist with no vendor patch available, requiring immediate mitigation through device replacement or network isolation.

📄 Description (Arabic)

تسمح هذه الثغرة الأمنية للمهاجمين بتنفيذ هجمات تزوير الطلبات عبر المواقع (CSRF) ضد موجهات D-Link DIR-600، مما يمكّنهم من خداع المسؤولين المصادق عليهم لتنفيذ إجراءات غير مقصودة. يمكن للمهاجم تغيير إعدادات DNS، وتعديل كلمات المرور الإدارية، وفتح منافذ الشبكة، أو إعادة توجيه حركة المرور دون علم المسؤول. نظراً لعدم توفر تصحيح رسمي ووجود استغلالات موثقة، تشكل هذه الثغرة خطراً كبيراً على البنية التحتية للشبكات في المؤسسات السعودية. يُنصح بشدة باستبدال هذه الأجهزة فوراً بموجهات حديثة مدعومة بتحديثات أمنية منتظمة.

🤖 ملخص تنفيذي (AI)

تحتوي موجهات D-Link DIR-600 على ثغرة CSRF حرجة (CVE-2014-100005، درجة CVSS 9.0) تسمح للمهاجمين باختطاف جلسات المسؤول وتعديل إعدادات الموجه دون تصريح. توجد استغلالات نشطة دون وجود تصحيح من المورّد، مما يتطلب تخفيفاً فورياً عبر استبدال الجهاز أو عزله على الشبكة.

🤖 AI Intelligence Analysis Analyzed: Feb 28, 2026 10:11
🇸🇦 Saudi Arabia Impact Assessment
Saudi organizations using D-Link DIR-600 routers face critical risk of network compromise through session hijacking, potentially exposing internal networks to unauthorized access, data interception, and traffic manipulation. This is particularly concerning for SMEs and branch offices that may still operate legacy network equipment without proper security monitoring.
🏢 Affected Saudi Sectors
المؤسسات الصغيرة والمتوسطة الاتصالات وتقنية المعلومات التعليم الرعاية الصحية القطاع الحكومي الخدمات المالية
⚖️ Saudi Risk Score (AI)
9.0
/ 10.0
🔧 Remediation Steps (English)
1. Immediately identify and inventory all D-Link DIR-600 routers in the network infrastructure and isolate them from critical systems until replacement.

2. Replace affected D-Link DIR-600 devices with modern, actively supported routers that receive regular security updates and implement anti-CSRF tokens.

3. Implement network segmentation and deploy next-generation firewalls to monitor and restrict administrative access to network devices, enforcing multi-factor authentication for all administrative interfaces.
🔧 خطوات المعالجة (العربية)
1. تحديد وجرد جميع موجهات D-Link DIR-600 في البنية التحتية للشبكة فوراً وعزلها عن الأنظمة الحرجة حتى استبدالها.

2. استبدال أجهزة D-Link DIR-600 المتأثرة بموجهات حديثة مدعومة بشكل نشط تتلقى تحديثات أمنية منتظمة وتطبق رموز مكافحة CSRF.

3. تطبيق تجزئة الشبكة ونشر جدران حماية من الجيل التالي لمراقبة وتقييد الوصول الإداري لأجهزة الشبكة، مع فرض المصادقة متعددة العوامل لجميع واجهات الإدارة.
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC-1-2 ECC-2-1 ECC-3-1 ECC-5-1
🔵 SAMA CSF
CYB-SEC-1.1 CYB-SEC-2.2 CYB-TRM-3.1 CYB-NET-1.2
🟡 ISO 27001:2022
A.12.6.1 A.13.1.1 A.14.2.5 A.18.2.3
🔗 References & Sources 0
No references.
📦 Affected Products / CPE 1 entries
D-Link:DIR-600 Router
📊 CVSS Score
9.0
/ 10.0 — Critical
📋 Quick Facts
Severity Critical
CVSS Score9.0
EPSS40.76%
Exploit ✓ Yes
Patch ✓ Yes
CISA KEV🇺🇸 Yes
KEV Due Date2024-06-06
Published 2024-05-16
Source Feed cisa_kev
Views 2
🇸🇦 Saudi Risk Score
9.0
/ 10.0 — Saudi Risk
Priority: CRITICAL
🏷️ Tags
kev actively-exploited
⚡ Actions
🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details
Share this CVE
LinkedIn X / Twitter WhatsApp Telegram
📣 Found this valuable?
Share it with your cybersecurity network
in LinkedIn 𝕏 X / Twitter 💬 WhatsApp ✈ Telegram
🍪 Privacy Preferences
CISO Consulting — Compliant with Saudi Personal Data Protection Law (PDPL)
We use cookies and similar technologies to provide the best experience on our platform. You can choose which types you accept.
🔒
Essential Always On
Required for the website to function properly. Cannot be disabled.
📋 Sessions, CSRF tokens, authentication, language preferences
📊
Analytics
Help us understand how visitors use the site and improve performance.
📋 Page views, session duration, traffic sources, performance metrics
⚙️
Functional
Enable enhanced features like content personalization and preferences.
📋 Dark/light theme, font size, custom dashboards, saved filters
📣
Marketing
Used to deliver content and ads relevant to your interests.
📋 Campaign tracking, retargeting, social media analytics
Privacy Policy →
CISO AI Assistant
Ask anything · Documents · Support
🔐

Introduce Yourself

Enter your details to access the full assistant

Your info is private and never shared
💬
CyberAssist
Online · responds in seconds
5 / 5
🔐 Verify Your Identity

Enter your email to receive a verification code before submitting a support request.

Enter to send · / for commands 0 / 2000
CISO AI · Powered by Anthropic Claude
✦ Quick Survey Help Us Improve CISO Consulting Your feedback shapes the future of our platform — takes less than 2 minutes.
⚠ Please answer this question to continue

How would you rate your overall experience with our platform?

Rate from 1 (poor) to 5 (excellent)

🎉
Thank you!
Your response has been recorded.