CVE-2023-24048

Name of the Vulnerable Software and Affected Versions Connectize AC21000 G6 version 641.139.1.1256

Description A Cross Site Request Forgery (CSRF) vulnerability exists, allowing attackers to gain control of the device via a crafted GET request to /man password.htm. This issue is related to the web interface of the Connectize G6 AC2100 router's firmware and can be exploited by a remote attacker to perform a CSRF attack.

Recommendations For version 641.139.1.1256, as a temporary workaround, consider restricting access to the /man password.htm endpoint until a patch is available. Avoid using this endpoint in untrusted environments to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.