Cross site request forgery (csrf)

2008-03-1017:44:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.8%

JSON

cp06_wifi_m_nocifr.cgi in the admin panel on the Alice Gate 2 Plus Wi-Fi router does not verify authentication credentials, which allows remote attackers to disable Wi-Fi encryption via a certain request.

References

vx.netlux.org/wargamevx/alice_gate2_pluswifi_PoC.zip

www.gnucitizen.org/projects/router-hacking-challenge/

www.securityfocus.com/archive/1/489009/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/41110