PT-2018-17110 · Dodocool · Dodocool Dc38
Raffaele Sabato
·
Published
2018-01-29
·
Updated
2018-02-21
·
CVE-2018-5720
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
DODOCOOL DC38 3-in-1 N300 Mini Wireless Range Extend RTN2-AW.GD.R3465.1.20161103
Description:
A Cross-site request forgery (CSRF) issue allows remote attackers to hijack user authentication for requests that modify settings, potentially leading to changes in user credentials, Wi-Fi passwords, and other settings.
Recommendations:
For DODOCOOL DC38 3-in-1 N300 Mini Wireless Range Extend RTN2-AW.GD.R3465.1.20161103, as a temporary workaround, consider restricting access to the device's settings page to minimize the risk of exploitation. Avoid using the device until a patch or fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.
Exploit
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dodocool Dc38