CVE-2012-1921

Name of the Vulnerable Software and Affected Versions Sitecom WLM-2501

Description A cross-site request forgery (CSRF) issue exists, allowing remote attackers to hijack administrator authentication for requests that change the router passphrase via the pskValue parameter in the goform/admin/formWlEncrypt endpoint.

Recommendations For Sitecom WLM-2501, as a temporary workaround, consider restricting access to the goform/admin/formWlEncrypt endpoint until a patch is available. Avoid using the pskValue parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.