PT-2015-7099 · Belkin · Belkin F9K1102
Joel Land
·
Published
2015-12-31
·
Updated
2015-12-31
·
CVE-2015-5989
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Belkin F9K1102 version 2.10.17
Description
The issue allows remote attackers to obtain administrative privileges by making certain changes to
LockStatus and Login Success values, as the device relies on client-side JavaScript code for authorization.Recommendations
For Belkin F9K1102 version 2.10.17, consider disabling the use of client-side JavaScript code for authorization until a patch is available. Restrict access to administrative privileges to minimize the risk of exploitation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Belkin F9K1102