PT-2013-4568 · Brickcom · Brickcom Osd-040E+4
Jonás Ropero Castillo
·
Publicado
2013-10-01
·
Atualizado
2025-03-04
·
CVE-2013-3690
CVSS v2.0
6.8
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Brickcom FB-100Ap versions 3.1.0.8 and earlier
Brickcom WCB-100Ap versions 3.1.0.8 and earlier
Brickcom MD-100Ap versions 3.1.0.8 and earlier
Brickcom WFB-100Ap versions 3.1.0.8 and earlier
Brickcom OB-100Ae versions 3.1.0.8 and earlier
Brickcom OSD-040E versions 3.1.0.8 and earlier
Description
A cross-site request forgery (CSRF) issue exists in the cgi-bin/users.cgi file, allowing remote attackers to hijack the authentication of administrators for requests that add users.
Recommendations
For Brickcom FB-100Ap version 3.1.0.8 and earlier, update the firmware to a version later than 3.1.0.8.
For Brickcom WCB-100Ap version 3.1.0.8 and earlier, update the firmware to a version later than 3.1.0.8.
For Brickcom MD-100Ap version 3.1.0.8 and earlier, update the firmware to a version later than 3.1.0.8.
For Brickcom WFB-100Ap version 3.1.0.8 and earlier, update the firmware to a version later than 3.1.0.8.
For Brickcom OB-100Ae version 3.1.0.8 and earlier, update the firmware to a version later than 3.1.0.8.
For Brickcom OSD-040E version 3.1.0.8 and earlier, update the firmware to a version later than 3.1.0.8.
Exploit
Correção
CSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Brickcom Fb-100Ap
Brickcom Md-100Ap
Brickcom Ob-100Ae
Brickcom Osd-040E
Brickcom Wcb-100Ap