PT-2015-5828 · Asus · Asus Rt-G32

Mustlive · Published 2015-03-23 · Updated 2016-12-03 · CVE-2015-2676

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

ASUS RT-G32 routers versions 2.0.2.6 through 2.0.3.2

Description

A cross-site request forgery issue allows remote attackers to hijack administrator authentication for requests that change the administrator password via a request to "start apply.htm".

Recommendations

For version 2.0.2.6, update the firmware to a version that is not affected by this issue. For version 2.0.3.2, update the firmware to a version that is not affected by this issue. As a temporary workaround, consider restricting access to the "start apply.htm" endpoint to minimize the risk of exploitation.

Exploit

Fix

CSRF


Weakness Enumeration

Related identifiers

CVE-2015-2676

Affected products

Asus Rt-G32