Sagem · Sagem F@St 2604 · CVE-2012-5320
**Name of the Vulnerable Software and Affected Versions**
Sagem F@ST 2604 version 253180972B
**Description**
A cross-site request forgery issue exists, allowing remote attackers to hijack administrator authentication for requests that change the administrator password via the `sysPassword` parameter.
**Recommendations**
For Sagem F@ST 2604 version 253180972B, as a temporary workaround, consider restricting access to the password.cgi module to minimize the risk of exploitation. Avoid using the `sysPassword` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.