CVE-2018-10957

CSRF exists on D-Link DIR-868L devices, leading to (for example) a change to the Admin password. hedwig.cgi and pigwidgeon.cgi are two of the...

Basic Information

CVE State: PUBLISHED
Reserved Date: May 09, 2018
Published Date: May 10, 2018
Last Updated: August 05, 2024
Vendor: n/a
Product: n/a
Description: CSRF exists on D-Link DIR-868L devices, leading to (for example) a change to the Admin password. hedwig.cgi and pigwidgeon.cgi are two of the affected components.

CVSS Scores

CVSS v3.0

8.8 - HIGH

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2.0

6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploit Status

Exploited in the Wild: Yes (2025-10-08 20:14:57 UTC) Source

References

https://packetstormsecurity.com/files/147525/D-Link-DIR-868L-1.12-Cross-Site-Request-Forgery.html

Known Exploited Vulnerability Information

Source	Added Date
The Shadowserver (via CIRCL)	2025-10-08 20:14:57 UTC

Timeline

CVE ID Reserved

May 09, 2018
CVE Published to Public

May 10, 2018
Added to KEVIntel

October 08, 2025