CVE-2017-14267

Name of the Vulnerable Software and Affected Versions EE 4GEE WiFi MBB versions before EE60 00 05.00 31

Description The issue is related to Cross-Site Request Forgery (CSRF) and is associated with several API endpoints, including "goform/AddNewProfile", "goform/setWanDisconnect", "goform/setSMSAutoRedirectSetting", "goform/setReset", and "goform/uploadBackupSettings".

Recommendations For versions before EE60 00 05.00 31, update to version EE60 00 05.00 31 or later to resolve the issue. As a temporary workaround, consider restricting access to the mentioned API endpoints until a patch is available.