Eskie Cirrus James Maquilang

#14176of 53,635
18.9Total CVSS
Vulnerabilities · 3
Medium
2
High
1
PT-2015-7100
6.8
2015-09-21
Kasda · Kasda Kw58293 · CVE-2015-5991
**Name of the Vulnerable Software and Affected Versions** PLDT SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN Kasda KW58293 devices **Description** A cross-site request forgery (CSRF) issue exists in the form2WlanSetup.cgi file, allowing remote attackers to hijack administrator authentication for requests that perform setup operations. This can be used to modify network settings. **Recommendations** For PLDT SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN, restrict access to the form2WlanSetup.cgi file until a patch is available. For Kasda KW58293 devices, avoid using the form2WlanSetup.cgi file for setup operations until the issue is resolved.
PT-2015-7101
4.3
2015-09-21
Kasda · Kasda Kw58293 · CVE-2015-5992
**Name of the Vulnerable Software and Affected Versions** PLDT SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN Kasda KW58293 devices **Description** A cross-site scripting (XSS) issue exists in the form2WlanSetup.cgi file, allowing remote attackers to inject arbitrary web script or HTML via the `ssid` parameter. This could potentially lead to unauthorized actions on the device. **Recommendations** For PLDT SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN, avoid using the `ssid` parameter in the form2WlanSetup.cgi file until the issue is resolved. For Kasda KW58293 devices, restrict access to the form2WlanSetup.cgi file to minimize the risk of exploitation.
PT-2015-7102
7.8
2015-09-21
Kasda · Kasda Kw58293 · CVE-2015-5993
**Name of the Vulnerable Software and Affected Versions** PLDT SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN Kasda KW58293 devices **Description** The issue is related to a buffer overflow in the form2ping.cgi file, which can be exploited by remote attackers to cause a denial of service, resulting in a device outage. This is achieved by sending a long `ipaddr` parameter. **Recommendations** For PLDT SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN, avoid using the `ipaddr` parameter in the form2ping.cgi file until the issue is resolved. For Kasda KW58293 devices, restrict access to the form2ping.cgi file to minimize the risk of exploitation.