PT-2017-12145 · Netcomm Wireless · Netcomm Wireless 4Gt101W

Publicado

2017-07-28

Atualizado

2017-08-04

CVE-2017-11646

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions NetComm Wireless 4GT101W version V1.1.8.8

Description The issue allows for CSRF attacks, as demonstrated by using the administration.html page to disable the firewall. This is possible because the device does not contain any token that can mitigate CSRF vulnerabilities.

Recommendations For version V1.1.8.8, as a temporary workaround, consider restricting access to the administration.html page to minimize the risk of exploitation. Avoid using the administration.html page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-352

Identificadores relacionados

CVE-2017-11646

Produtos afetados

Netcomm Wireless 4Gt101W

PT-2017-12145 · Netcomm Wireless · Netcomm Wireless 4Gt101W

CVE-2017-11646

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3