PT-2013-5344 · Hotbox · Hotbox Router
Published 2013-12-30 · Updated 2013-12-30 · CVE-2013-5039
CVSS v2.0: 5.4 (Medium)
Vector: AV:A/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
HOTBOX router version 2.1.11
Description
A cross-site request forgery (CSRF) issue exists in the goform/wlanBasicSecurity endpoint, allowing remote attackers to hijack administrator authentication for requests that modify the WiFi Security field to Deactivated via the WifiSecurity parameter.
Recommendations
For version 2.1.11, as a temporary workaround, consider restricting access to the goform/wlanBasicSecurity endpoint until a patch is available. Avoid using the WifiSecurity parameter in the affected endpoint until the issue is resolved.
Exploit
Fix
CSRF
Weakness Enumeration
Related Identifiers
Affected Products
Hotbox Router