Huawei HG510 - Multiple Cross-Site Request Forgery Vulnerabilities

2010-02-16T00:00:00
ID EXPLOITPACK:4360BBC231046D189A6C3D072712C8FF
Type exploitpack
Reporter Ivan Markovic
Modified 2010-02-16T00:00:00

Description

Huawei HG510 - Multiple Cross-Site Request Forgery Vulnerabilities

                                        
                                            source: https://www.securityfocus.com/bid/38261/info

Huawei HG510 is prone to multiple cross-site request-forgery vulnerabilities.

Successful exploits may allow attackers to run privileged commands on the affected device, change configuration, cause denial-of-service conditions, or inject arbitrary script code. Other attacks are also possible. 

The following example URI is available:

http://www.example.com/password.cgi?sysPassword=BASE64_NEW_PASSWORD