CVE-2017-6127

Name of the Vulnerable Software and Affected Versions DIGISOL DG-HR1400 Wireless Router version 1.00.02

Description The issue affects the access portal on the DIGISOL DG-HR1400 Wireless Router, where multiple cross-site request forgery (CSRF) vulnerabilities exist. These vulnerabilities allow remote attackers to hijack the authentication of administrators for requests, including changing the SSID, changing the Wi-Fi password, or possibly having other unspecified impacts. This is achieved via crafted requests to the "form2WlanBasicSetup.cgi" API endpoint.

Recommendations For DIGISOL DG-HR1400 Wireless Router version 1.00.02, as a temporary workaround, consider restricting access to the "form2WlanBasicSetup.cgi" API endpoint until a patch is available. Additionally, avoid using the access portal on this version to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.