PT-2014-2650 · Linksys · Linksys Wrt310N

Published

2014-09-29

Updated

2014-10-01

CVE-2013-3068

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Linksys WRT310Nv2 version 2.0.0.1

Description A cross-site request forgery issue affects the apply.cgi component, allowing remote attackers to hijack administrator authentication for requests that modify passwords and remote management ports.

Recommendations For version 2.0.0.1, as a temporary workaround, consider restricting access to the apply.cgi component until a patch is available. Avoid using the apply.cgi component for sensitive operations, such as changing passwords or modifying remote management ports, until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2013-3068

Affected Products

Linksys Wrt310N

PT-2014-2650 · Linksys · Linksys Wrt310N

CVE-2013-3068

Weakness Enumeration

Related Identifiers

Affected Products

References · 3