Gabriel Gonzalez García

Name of the Vulnerable Software and Affected Versions: Comtrend router WLD71-T1 version 2.0.201820 Comtrend router GRG-4280us version (affected versions not specified) Description: The issue is a command injection vulnerability that could allow an authenticated user to execute commands inside the router by making a POST request to the "/boaform/admin/formUserTracert" API endpoint. Recommendations: For Comtrend router WLD71-T1 version 2.0.201820, consider restricting access to the "/boaform/admin/formUserTracert" API endpoint until a patch is available. For Comtrend router GRG-4280us, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Comtrend router WLD71-T1 version 2.0.201820 Comtrend router GRG-4280us version Description: The issue allows an attacker to force an end user to execute unwanted actions in a web application to which he is authenticated. This is a Cross-Site Request Forgery vulnerability. Recommendations: For Comtrend router WLD71-T1 version 2.0.201820, update to a version that includes a fix for this issue. For Comtrend router GRG-4280us, update to a version that includes a fix for this issue. As a temporary workaround, consider implementing measures to prevent cross-site request forgery, such as validating requests and using anti-CSRF tokens.