PT-2018-5333 · Draytek · Draytek Vigor Ap910C

Published: 2018-03-06 · Updated: 2021-06-03 · CVE-2017-11649

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor AP910C version 1.2.0 RC3 build r6594

Description: A cross-site request forgery issue allows remote attackers to hijack user authentication for requests that enable SNMP on the device. This is achieved via vectors involving the "goform/setSnmp" endpoint.

Recommendations: For DrayTek Vigor AP910C version 1.2.0 RC3 build r6594, consider disabling the goform/setSnmp endpoint until a patch is available to prevent exploitation. Restrict access to the SNMP configuration to minimize the risk of unauthorized changes.

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2017-11649

Affected Products

Draytek Vigor Ap910C