CVE-2020-23589

Name of the Vulnerable Software and Affected Versions OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP V3.3.1-191028

Description A vulnerability allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack, causing a Denial of Service by rebooting the router through the "/mgm dev reboot.asp" API endpoint.

Recommendations For OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP V3.3.1-191028, as a temporary workaround, consider restricting access to the "/mgm dev reboot.asp" API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.