Kumar Saurav

**Name of the Vulnerable Software and Affected Versions** ChinaMobile PLC Wireless Router GPN2.4P21-C-CN version W2001EN-00 **Description** The issue allows an attacker to change the Wireless Security Password due to a CSRF vulnerability via the "cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity" URI. **Recommendations** For ChinaMobile PLC Wireless Router GPN2.4P21-C-CN version W2001EN-00, as a temporary workaround, consider restricting access to the "cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity" URI to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ChinaMobile PLC Wireless Router GPN2.4P21-C-CN version W2001EN-00 Description: The issue concerns a problem with the cgi-bin/webproc endpoint, specifically the getpage parameter, where the var:subpage parameter is vulnerable. This allows for XSS attacks. Recommendations: For ChinaMobile PLC Wireless Router GPN2.4P21-C-CN version W2001EN-00, avoid using the `subpage` parameter in the "cgi-bin/webproc?getpage=html/index.html" endpoint until the issue is resolved.