Japan Vulnerability NotesJVN:59503133JVN#59503133: Multiple NEC mobile routers vulnerable to cross-site request forgery
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
46.9%
Multiple mobile routers provided by NEC contain a vulnerability in web-based management utility, which may result in a cross-site request forgery.
Impact
If a user views a malicious page while logged in, settings of the product may be initialized, or the product may be rebooted.
Solution
Update the Software
Update to the latest version of the firmware provided by the developer.
Apply a workaround
The following workaround, for products which have no revised firmware, may mitigate the affects of this vulnerability.
- Close the web browser when finished setting in web-based management utility, and delete Basic Authentication information immediately.
For more information, refer to the information provided by the developer.
Products Affected
A wide range of products are affected.
For more information, refer to the information provided by the developer.
Related
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
46.9%