Lucene search

[email protected]NVD:CVE-2015-5991

HistorySep 21, 2015 - 10:59 a.m.

CVE-2015-5991

2015-09-2110:59:06

CWE-352

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

46.6%

JSON

Cross-site request forgery (CSRF) vulnerability in form2WlanSetup.cgi on Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to hijack the authentication of administrators for requests that perform setup operations, as demonstrated by modifying network settings.

Affected configurations

NVD

Node

philippine_long_distance_telephonespeedsurf_504an_firmwareMatchgan9.8u26-4-tx-r6b018-hp.en

AND

philippine_long_distance_telephonespeedsurf_504an

Node

philippine_long_distance_telephonekasda_kw58293_firmwareMatch-

AND

philippine_long_distance_telephonekasda_kw58293

References

www.kb.cert.org/vuls/id/525276

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

46.6%

JSON

Related for NVD:CVE-2015-5991

prion1 cvelist1 cve1 cert1