PT-2015-7100 · Kasda+1 · Kasda Kw58293+1
Eskie Cirrus James Maquilang
Published: 2015-09-21 · Updated: 2015-09-21
CVE-2015-5991
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
PLDT SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN
Kasda KW58293 devices
Description
A cross-site request forgery (CSRF) issue exists in the form2WlanSetup.cgi file, allowing remote attackers to hijack administrator authentication for requests that perform setup operations. This can be used to modify network settings.
Recommendations
For PLDT SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN, restrict access to the form2WlanSetup.cgi file until a patch is available.
For Kasda KW58293 devices, avoid using the form2WlanSetup.cgi file for setup operations until the issue is resolved.
Fix
CSRF
Weakness Enumeration
Related Identifiers
Affected Products
Kasda Kw58293
Pldt Speedsurf 504An