PatchSiren

CVE-2017-6411 Dlink CVE debrief

CVE-2017-6411 describes a cross-site request forgery (CSRF) weakness in D-Link DSL-2730U C1 IN_1.00 firmware. If an authenticated user is induced to trigger a malicious request, a remote attacker may be able to change DNS settings, adjust firewall configuration, or modify passwords. NVD rates the issue CVSS 8.8 (HIGH), reflecting network reachability and the potential for high confidentiality, integrity, and availability impact.

Vendor: Dlink
Product: CVE-2017-6411
CVSS: HIGH 8.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-03-06
Original CVE updated: 2026-05-13
Advisory published: 2017-03-06
Advisory updated: 2026-05-13

Who should care

Organizations and individuals running D-Link DSL-2730U C1 devices on IN_1.00 firmware, especially where the router is exposed to untrusted browsing activity or where admin sessions are routinely performed from general-purpose workstations.

Technical summary

The NVD record maps the vulnerable product to cpe:2.3:o:dlink:dsl-2730u_firmware:in_1.00:*:*:*:*:*:*:* and classifies the weakness as CWE-352 (CSRF). The CVSS vector is CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating a network-reachable attack that requires user interaction but no privileges. The reported impact includes unauthorized changes to DNS, firewall, and password configuration.

Defensive priority

High for any environment still operating the affected firmware, because successful CSRF against a router can redirect traffic, weaken perimeter controls, and facilitate credential or network compromise.

Recommended defensive actions

  • Identify whether any D-Link DSL-2730U C1 devices are running IN_1.00 firmware.
  • Review the vendor/NVD record for any available firmware update or remediation guidance.
  • Restrict administrative access to trusted management hosts and avoid performing router administration from untrusted browsing sessions.
  • Use separate, hardened browser profiles or management workstations for device administration.
  • Verify router DNS, firewall, and password settings for unexpected changes and restore trusted values if needed.
  • Monitor for signs of unauthorized configuration changes on affected devices.

Evidence notes

This debrief is based on the supplied NVD record for CVE-2017-6411, which lists the weakness as CWE-352 and the CVSS v3.0 vector as AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The record also includes references to SecurityFocus BID 96560 and an Exploit-DB entry as third-party references; those links are noted here only as references and not used for exploit details. The affected CPE in the source data is specifically dlink:dsl-2730u_firmware IN_1.00.

Official resources

Publicly disclosed in the CVE/NVD record on 2017-03-06; the source record was last modified on 2026-05-13.