PT-2013-4568 · Brickcom · Brickcom Osd-040E+4
Jonás Ropero Castillo
·
Published
2013-10-01
·
Updated
2025-03-04
·
CVE-2013-3690
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Brickcom FB-100Ap versions 3.1.0.8 and earlier
Brickcom WCB-100Ap versions 3.1.0.8 and earlier
Brickcom MD-100Ap versions 3.1.0.8 and earlier
Brickcom WFB-100Ap versions 3.1.0.8 and earlier
Brickcom OB-100Ae versions 3.1.0.8 and earlier
Brickcom OSD-040E versions 3.1.0.8 and earlier
Description
A cross-site request forgery (CSRF) issue exists in the cgi-bin/users.cgi file, allowing remote attackers to hijack the authentication of administrators for requests that add users.
Recommendations
For Brickcom FB-100Ap version 3.1.0.8 and earlier, update the firmware to a version later than 3.1.0.8.
For Brickcom WCB-100Ap version 3.1.0.8 and earlier, update the firmware to a version later than 3.1.0.8.
For Brickcom MD-100Ap version 3.1.0.8 and earlier, update the firmware to a version later than 3.1.0.8.
For Brickcom WFB-100Ap version 3.1.0.8 and earlier, update the firmware to a version later than 3.1.0.8.
For Brickcom OB-100Ae version 3.1.0.8 and earlier, update the firmware to a version later than 3.1.0.8.
For Brickcom OSD-040E version 3.1.0.8 and earlier, update the firmware to a version later than 3.1.0.8.
Exploit
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Brickcom Fb-100Ap
Brickcom Md-100Ap
Brickcom Ob-100Ae
Brickcom Osd-040E
Brickcom Wcb-100Ap