CVE-2017-16886

Name of the Vulnerable Software and Affected Versions: FiberHome Mobile WIFI Device Model LM53Q1 version VH519R05C01S38

Description: The issue concerns unauthorized access to web services via CSRF, which can lead to changes in the administrator's username or password. This is due to the use of SOAP-based web services for interaction with the portal.

Recommendations: For FiberHome Mobile WIFI Device Model LM53Q1 version VH519R05C01S38, consider implementing CSRF protection mechanisms to prevent unauthorized access to web services, such as validating request tokens or using same-site cookies to restrict access. As a temporary workaround, restrict access to the web services API to minimize the risk of exploitation.