CVE-2022-43470

Name of the Vulnerable Software and Affected Versions +F FS040U versions v2.3.4 and earlier +F FS020W versions v4.0.0 and earlier +F FS030W versions v3.3.5 and earlier +F FS040W versions v1.4.1 and earlier

Description A cross-site request forgery (CSRF) issue allows an adjacent attacker to hijack the authentication of an administrator and user, potentially leading to unintended operations such as rebooting the product and/or resetting the configuration to the initial set-up.

Recommendations For +F FS040U versions v2.3.4 and earlier, consider disabling access to sensitive operations until a patch is available. For +F FS020W versions v4.0.0 and earlier, restrict access to the product's configuration settings to minimize the risk of exploitation. For +F FS030W versions v3.3.5 and earlier, avoid using the product's web interface for critical operations until the issue is resolved. For +F FS040W versions v1.4.1 and earlier, limit user privileges to prevent unintended actions. As a temporary workaround, consider implementing additional authentication measures, such as re-authentication for sensitive operations, until a patch is available.