PT-2015-7100 · Kasda+1 · Kasda Kw58293+1
Eskie Cirrus James Maquilang · Published 2015-09-21 · Updated 2015-09-21 · CVE-2015-5991
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
PLDT SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN
Kasda KW58293 devices
Description
A cross-site request forgery (CSRF) issue exists in the form2WlanSetup.cgi file, allowing remote attackers to hijack administrator authentication for requests that perform setup operations. This can be used to modify network settings.
Recommendations
For PLDT SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN, restrict access to the form2WlanSetup.cgi file until a patch is available.
For Kasda KW58293 devices, avoid using the form2WlanSetup.cgi file for setup operations until the issue is resolved.
Fix
CSRF
Affected Products
Kasda Kw58293
Pldt Speedsurf 504An