PT-2022-8683 · Optilink · Optilink Op-Xt71000N

Disguised_Noob

Published

2022-11-23

Updated

2022-11-23

CVE-2020-23590

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Optilink OP-XT71000N Hardware version: V2.2, Firmware Version: OP V3.3.1-191028

Description A vulnerability allows an unauthenticated remote attacker to conduct a cross-site request forgery (CSRF) attack to change the Password for "WLAN SSID" through the "wlwpa.asp" page.

Recommendations For Optilink OP-XT71000N Hardware version: V2.2, Firmware Version: OP V3.3.1-191028, consider disabling access to the "wlwpa.asp" page until a patch is available to prevent CSRF attacks. Restrict access to the WLAN SSID password change functionality to minimize the risk of exploitation.

Exploit

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2020-23590

Affected Products

Optilink Op-Xt71000N

PT-2022-8683 · Optilink · Optilink Op-Xt71000N

CVE-2020-23590

Weakness Enumeration

Related Identifiers

Affected Products

References · 5