PT-2007-5503 · Zyxel · Zynos
Published
2007-08-13
·
Updated
2018-10-15
·
CVE-2007-4317
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
ZyNOS firmware version 3.62(WK.6)
Description
Multiple cross-site request forgery (CSRF) vulnerabilities exist in the web management interface of ZyNOS firmware 3.62(WK.6). Because the interface authenticates state-changing requests by the browser's session alone, an attacker who gets an authenticated administrator to load a crafted page can have the administrator's browser submit configuration changes on the attacker's behalf. This is demonstrated by a request to "Forms/General 1" carrying the sysSystemName and sysDomainName parameters, which changes the device's system name and domain name.
Recommendations
For ZyNOS firmware version 3.62(WK.6), until a vendor patch is available: restrict access to the management interface, including the "Forms/General 1" endpoint, to trusted administration hosts or networks and disable management from the WAN side; log out of the interface as soon as configuration work is done and avoid browsing other sites while a management session is open, since the attack only works against a browser that holds a valid session; and review the device's system name and domain name (the sysSystemName and sysDomainName parameters) for unexpected changes, which would indicate that a forged request has already been accepted.
Exploit
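The mechanism described above, as an added example that is not part of this advisory and not ZyNOS code: a small Python model of the "Forms/General 1" form handler, first in the cookie-only form that makes the cross-site post succeed, then hardened with a per-session token and an Origin/Referer check. The HTTP method (POST), the exact path spelling, the cookie name, the management address, the csrf_token field name and the attacker origin are all assumptions, and the requests are constructed inline.

```python
# Added example: model of a CSRF-prone embedded web form handler and a hardened
# version. Not ZyNOS code; path spelling, HTTP method, cookie name, management
# origin and the csrf_token field name are assumptions.
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import parse_qs

FORM_PATH = "/Forms/General 1"        # from the advisory; exact spelling assumed
SESSION_COOKIE = "session"            # assumed cookie name
MGMT_ORIGIN = "http://192.168.1.1"    # assumed management-interface origin


@dataclass
class Request:
    method: str
    path: str
    headers: dict
    body: str = ""


@dataclass
class Device:
    system_name: str = "router"
    domain_name: str = "lan"
    sessions: dict = field(default_factory=dict)  # session cookie -> CSRF token

    def login(self) -> str:
        """Open an admin session; returns the cookie the browser will store."""
        cookie = secrets.token_hex(16)
        self.sessions[cookie] = secrets.token_hex(16)
        return cookie

    def csrf_token(self, cookie: str) -> str:
        """Token the legitimate UI would embed in the form as a hidden field."""
        return self.sessions[cookie]


def session_cookie(req: Request):
    for part in req.headers.get("Cookie", "").split(";"):
        name, _, value = part.strip().partition("=")
        if name == SESSION_COOKIE:
            return value
    return None


def apply_general_form(dev: Device, body: str) -> None:
    """The state change the advisory's request performs."""
    form = parse_qs(body)
    dev.system_name = form.get("sysSystemName", [dev.system_name])[0]
    dev.domain_name = form.get("sysDomainName", [dev.domain_name])[0]


def handle_vulnerable(dev: Device, req: Request) -> int:
    """Authenticates by cookie only. The browser attaches the cookie to a
    cross-site form post exactly as it does to a legitimate one, so any page
    the logged-in admin visits can change the system and domain name."""
    if req.method != "POST" or req.path != FORM_PATH:
        return 404
    if session_cookie(req) not in dev.sessions:
        return 401
    apply_general_form(dev, req.body)
    return 200


def handle_hardened(dev: Device, req: Request) -> int:
    """Same handler with two independent CSRF defences: the request must come
    from the UI's own origin, and the form must carry the per-session token."""
    if req.method != "POST" or req.path != FORM_PATH:
        return 404
    cookie = session_cookie(req)
    if cookie not in dev.sessions:
        return 401
    origin = req.headers.get("Origin") or req.headers.get("Referer", "")
    if origin != MGMT_ORIGIN and not origin.startswith(MGMT_ORIGIN + "/"):
        return 403
    token = parse_qs(req.body).get("csrf_token", [""])[0]
    if not hmac.compare_digest(token.encode(), dev.sessions[cookie].encode()):
        return 403
    apply_general_form(dev, req.body)
    return 200


def csrf_scenario(handler):
    """Admin logs in, then visits an attacker page that auto-posts the form.
    Returns (status, system_name) after the forged request (constructed)."""
    dev = Device()
    cookie = dev.login()
    forged = Request("POST", FORM_PATH,
                     {"Cookie": f"{SESSION_COOKIE}={cookie}",
                      "Origin": "http://attacker.example"},
                     "sysSystemName=pwned&sysDomainName=attacker.example")
    return handler(dev, forged), dev.system_name


def legitimate_scenario(handler):
    """The real UI's own submission, with token and first-party origin."""
    dev = Device()
    cookie = dev.login()
    body = ("sysSystemName=office-gw&sysDomainName=corp.example"
            f"&csrf_token={dev.csrf_token(cookie)}")
    req = Request("POST", FORM_PATH,
                  {"Cookie": f"{SESSION_COOKIE}={cookie}", "Origin": MGMT_ORIGIN},
                  body)
    return handler(dev, req), dev.system_name


if __name__ == "__main__":
    print("vulnerable, forged:", csrf_scenario(handle_vulnerable))
    print("hardened, forged:  ", csrf_scenario(handle_hardened))
    print("hardened, legit:   ", legitimate_scenario(handle_hardened))
```

The forged request carries the admin's cookie because the browser adds it automatically; the cookie-only handler therefore accepts it, while the hardened handler rejects it on the origin check and would reject it again on the missing token. Both checks are kept because older or proxied clients sometimes strip Referer, and a token alone is the defence that does not depend on header behaviour.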
Fix
Related Identifiers
Affected Products
Zynos