PT-2014-5504 · Beetel · Beetel 450Tc2 Router

Author: Shyamkumar Somana · Published: 2014-05-20 · Updated: 2014-05-21 · CVE-2014-3792

CVSS v2.0: 6.8 (Medium) · Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Beetel 450TC2 Router with firmware TX6-0Q-005_retail

Description: A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators for requests that change the administrator password. This is achieved via the uiViewTools_Password and uiViewTools_PasswordConfirm parameters to "Forms/tools_admin_1".

Recommendations: For Beetel 450TC2 Router with firmware TX6-0Q-005_retail, as a temporary workaround, consider restricting access to the "Forms/tools_admin_1" endpoint until a patch is available. Avoid using the uiViewTools_Password and uiViewTools_PasswordConfirm parameters in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit: CSRF


Weakness Enumeration

Related Identifiers: CVE-2014-3792

Affected Products: Beetel 450Tc2 Router