CVE-2012-1922

Name of the Vulnerable Software and Affected Versions Sitecom WLM-2501

Description The issue concerns multiple cross-site request forgery (CSRF) vulnerabilities. These vulnerabilities allow remote attackers to hijack the authentication of administrators for requests that modify various settings, including Mac Filtering via admin/formFilter, IP/Port Filtering via formFilter, Port Forwarding via formPortFw, Wireless Access Control via admin/formWlAc, Wi-Fi Protected Setup via formWsc, URL Blocking Filter via formURL, Domain Blocking Filter via formDOMAINBLK, and IP Address ACL Filter via admin/formACL in goform/.

Recommendations For Sitecom WLM-2501, as a temporary workaround, consider disabling the modification of settings via the affected API endpoints until a patch is available. Restrict access to the goform/ directory to minimize the risk of exploitation. Avoid using the vulnerable forms in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.