Nopesled

**Name of the Vulnerable Software and Affected Versions** Thomson TWG87OUIR (affected versions not specified) **Description** A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of victims for requests that change passwords. This is done via the `Password` and `PasswordReEnter` parameters to the "goform/RgSecurity" API endpoint. **Recommendations** As a temporary workaround, consider restricting access to the "goform/RgSecurity" API endpoint until a patch is available. Avoid using the `Password` and `PasswordReEnter` parameters in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.