Beetel · Beetel 450TC2 Router · CVE-2014-3792
**Name of the Vulnerable Software and Affected Versions**
Beetel 450TC2 Router with firmware TX6-0Q-005 retail
**Description**
A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators for requests that change the administrator password. This is achieved via the `uiViewTools Password` and `uiViewTools PasswordConfirm` parameters to "Forms/tools admin 1".
**Recommendations**
For the Beetel 450TC2 Router with firmware TX6-0Q-005 retail, as a temporary workaround, consider restricting access to the "Forms/tools admin 1" endpoint until a patch is available. Avoid submitting the `uiViewTools Password` and `uiViewTools PasswordConfirm` parameters to this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
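While no fix is available, proxy or gateway logs can be reviewed for password-change requests that did not originate from the router's own admin pages. The following is an added example, not code from the vendor or the original advisory; the tab-separated log format, the router address 192.168.1.1 and every sample line are assumptions, and the endpoint and parameter names are copied as printed above.

```python
from urllib.parse import parse_qs, unquote, urlsplit

# Names copied as printed in this advisory; adjust to the exact strings your device uses.
ENDPOINT = "Forms/tools admin 1"
PASSWORD_PARAMS = {"uiViewTools Password", "uiViewTools PasswordConfirm"}

def classify(url, referer, body, router_hosts):
    """None for unrelated traffic, else 'same-origin', 'cross-origin' or 'no-referer'."""
    target = urlsplit(url)
    if (target.hostname or "").lower() not in router_hosts:
        return None
    if ENDPOINT.lower() not in unquote(target.path).lower():
        return None
    # The parameters may arrive in the query string or in a form-encoded body.
    names = set(parse_qs(target.query, keep_blank_values=True))
    names |= set(parse_qs(body, keep_blank_values=True))
    if not names & PASSWORD_PARAMS:
        return None
    if not referer:
        return "no-referer"  # cannot prove the admin page issued it
    source = (urlsplit(referer).hostname or "").lower()
    return "same-origin" if source in router_hosts else "cross-origin"

def scan(lines, router_hosts):
    """Return (line number, verdict, method, referer) for requests worth reviewing."""
    findings = []
    for number, line in enumerate(lines, 1):
        method, url, referer, body = line.rstrip("\n").split("\t")
        verdict = classify(url, referer, body, router_hosts)
        if verdict in ("cross-origin", "no-referer"):
            findings.append((number, verdict, method, referer or "-"))
    return findings

# Constructed proxy-log lines: method, URL, Referer, body (tab-separated).
# 192.168.1.1 as the router address and all hosts and values are assumptions.
SAMPLE_LOG = [
    "POST\thttp://192.168.1.1/Forms/tools%20admin%201\thttp://192.168.1.1/\t"
    "uiViewTools+Password=x&uiViewTools+PasswordConfirm=x",
    "POST\thttp://192.168.1.1/Forms/tools%20admin%201\thttp://example.net/page.html\t"
    "uiViewTools+Password=y&uiViewTools+PasswordConfirm=y",
    "GET\thttp://192.168.1.1/Forms/tools%20admin%201?uiViewTools+Password=z"
    "&uiViewTools+PasswordConfirm=z\t\t",
    "GET\thttp://192.168.1.1/status.html\thttp://192.168.1.1/\t",
    "POST\thttp://example.net/Forms/tools%20admin%201\thttp://example.net/\t"
    "uiViewTools+Password=q",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG, {"192.168.1.1"}):
        print(finding)
```

A `cross-origin` hit means the administrator's browser sent the password change while on another site; a `no-referer` hit is inconclusive and should be checked against known administrative activity.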