CVE-2018-10080

Name of the Vulnerable Software and Affected Versions Secutech RiS-11, RiS-22, and RiS-33 devices with firmware V5.07.52 es FRI01

Description The issue is related to insufficient authentication of data, which can be exploited by a remote attacker to change DNS settings. This can be achieved by sending a crafted request to the "goform/AdvSetDns?GO=wan dns.asp" endpoint in conjunction with a crafted admin cookie, specifically the admin cookie.

Recommendations For Secutech RiS-11, RiS-22, and RiS-33 devices with firmware V5.07.52 es FRI01, consider restricting access to the "goform/AdvSetDns?GO=wan dns.asp" endpoint until a patch is available. As a temporary workaround, avoid using the admin cookie in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.