PT-2009-2292 · A Link · A-Link Wl54Ap2 +1
Henri Lindberg +1 · Published 2009-06-04 · Updated 2018-10-11
CVE-2008-6823
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: A-LINK WL54AP3 versions prior to 1.4.2-eng1; A-LINK WL54AP2 versions prior to 1.4.2-eng1.
Description: The issue concerns multiple cross-site request forgery (CSRF) vulnerabilities in the management interface of the affected access points. Because the interface accepts state-changing requests on the strength of the administrator's session alone, a remote attacker can hijack the authentication of a logged-in administrator for specific requests. The requests in question can modify the network configuration via certain parameters to "goform/formWanTcpipSetup" or modify credentials via certain parameters to "goform/formPasswordSetup".
Recommendations: For A-LINK WL54AP3 versions prior to 1.4.2-eng1, update to firmware version 1.4.2-eng1 or later. For A-LINK WL54AP2 versions prior to 1.4.2-eng1, update to firmware version 1.4.2-eng1 or later. As a temporary workaround, restrict access to the management interface to reduce the risk of exploitation, and avoid using the vulnerable parameters of the affected endpoints until the firmware is updated.
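To make the weakness concrete from the defender's side, the following added example (not the vendor's firmware code and not the 1.4.2-eng1 fix) contrasts a request gate that trusts the session alone, as the advisory describes, with one that also requires a same-origin request, a per-session CSRF token and a source on the management network. The two endpoint paths come from the advisory; the management-network range, session layout, token field name and form field names are assumptions.

```python
import hmac
import ipaddress
import secrets
from urllib.parse import urlsplit

# Paths named in the advisory; everything else in this module is illustrative.
STATE_CHANGING = {"/goform/formWanTcpipSetup", "/goform/formPasswordSetup"}
# Assumption: the access point's LAN side, the only place admin traffic should come from.
MGMT_NET = ipaddress.ip_network("192.168.1.0/24")


def issue_csrf_token(session):
    """Mint an unguessable per-session token; the admin UI embeds it in each form."""
    session["csrf"] = secrets.token_urlsafe(32)
    return session["csrf"]


def vulnerable_accept(req, session):
    """Pre-1.4.2-eng1 behaviour as described: the session cookie is the only check,
    and the browser attaches that cookie to cross-site requests as well."""
    return session.get("authenticated", False)


def hardened_accept(req, session):
    """Accept a state change only if authenticated, POSTed from the management
    network, same-origin, and carrying the session's token."""
    if not session.get("authenticated"):
        return False, "not authenticated"
    if req["path"] not in STATE_CHANGING:
        return True, "read-only path"
    if req["method"] != "POST":
        return False, "state change must be POST"
    if ipaddress.ip_address(req["remote_addr"]) not in MGMT_NET:
        return False, "source outside management network"
    origin = req["headers"].get("Origin") or req["headers"].get("Referer")
    if not origin or urlsplit(origin).netloc != req["headers"].get("Host"):
        return False, "missing or cross-site origin"
    sent = req["form"].get("csrf_token", "")
    if not hmac.compare_digest(sent, session.get("csrf", "")):
        return False, "missing or wrong CSRF token"
    return True, "ok"


def demo():
    """Constructed sample traffic: one request from the admin UI, one relayed
    through the admin's browser by another site. Field names are placeholders."""
    session = {"authenticated": True}
    token = issue_csrf_token(session)
    base = {"method": "POST", "path": "/goform/formPasswordSetup", "remote_addr": "192.168.1.20"}
    from_ui = dict(base, headers={"Host": "192.168.1.1", "Origin": "http://192.168.1.1"},
                   form={"csrf_token": token, "setting": "placeholder"})
    cross_site = dict(base, headers={"Host": "192.168.1.1", "Origin": "http://other.example"},
                      form={"setting": "placeholder"})
    return {"ui_vuln": vulnerable_accept(from_ui, session), "cross_vuln": vulnerable_accept(cross_site, session),
            "ui_hard": hardened_accept(from_ui, session), "cross_hard": hardened_accept(cross_site, session)}
```

The vulnerable gate accepts both sample requests; the hardened gate accepts only the one from the admin UI, and would also reject a same-origin request that lacks the token or arrives from outside the management network.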


Weakness Enumeration: CSRF
Related Identifiers: CVE-2008-6823
Affected Products: A-Link Wl54Ap2, A-Link Wl54Ap3