PT-2018-6357 · Fiberhome · Fiberhome Mobile Wifi Device Model Lm53Q1
Ibad Shah · Published 2018-01-12 · Updated 2018-02-02 · CVE-2017-16886
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
FiberHome Mobile WIFI Device Model LM53Q1 version VH519R05C01S38
Description:
The issue concerns unauthorized access to web services via CSRF, which can lead to changes in the administrator's username or password. This is due to the use of SOAP-based web services for interaction with the portal.
Recommendations:
For FiberHome Mobile WIFI Device Model LM53Q1 version VH519R05C01S38, consider implementing CSRF protection mechanisms to prevent unauthorized access to web services, such as validating request tokens or using same-site cookies to restrict access. As a temporary workaround, restrict access to the web services API to minimize the risk of exploitation.
Exploit
Fix
CSRF
Weakness Enumeration
Related Identifiers
Affected Products
Fiberhome Mobile Wifi Device Model Lm53Q1