Cross site request forgery (csrf)

2009-06-0416:30:00

PRIOn knowledge base

www.prio-n.com

8 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

79.8%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in the management interface on the A-LINK WL54AP3 and WL54AP2 access points before firmware 1.4.2-eng1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify the network configuration via certain parameters to goform/formWanTcpipSetup or (2) modify credentials via certain parameters to goform/formPasswordSetup.

CPENameOperatorVersion
wl54ap2eq1.2.3
wl54ap2eq1.2.5
wl54ap2eq1.2.2
wl54ap2eq1.2.6
wl54ap2eq1.2.7
wl54ap2eq1.2.4
wl54ap2eq1.2.9
wl54ap2eq1.4.0
wl54ap2eq1.2.0
wl54ap2le1.4.1

Name	Operator	Version
wl54ap2	eq	1.2.3
wl54ap2	eq	1.2.5
wl54ap2	eq	1.2.2
wl54ap2	eq	1.2.6
wl54ap2	eq	1.2.7
wl54ap2	eq	1.2.4
wl54ap2	eq	1.2.9
wl54ap2	eq	1.4.0
wl54ap2	eq	1.2.0
wl54ap2	le	1.4.1

Rows per page:

1-10 of 241

References

osvdb.org/49466

secunia.com/advisories/32421

www.a-link.com/WL54AP3.html

www.louhinetworks.fi/advisory/alink_081028.txt

www.osvdb.org/49465

www.securityfocus.com/archive/1/497997/100/0/threaded

www.securityfocus.com/bid/32008

exchange.xforce.ibmcloud.com/vulnerabilities/46255

exchange.xforce.ibmcloud.com/vulnerabilities/46256

www.exploit-db.com/exploits/6899