Cross site request forgery (csrf)

2017-02-2120:59:00

PRIOn knowledge base

www.prio-n.com

9.5 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

75.0%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in the access portal on the DIGISOL DG-HR1400 Wireless Router with firmware 1.00.02 allow remote attackers to hijack the authentication of administrators for requests that (1) change the SSID, (2) change the Wi-Fi password, or (3) possibly have unspecified other impact via crafted requests to form2WlanBasicSetup.cgi.

CPENameOperatorVersion
dg-hr1400_firmwareeq1.00.02

CPE	Name	Operator	Version
	dg-hr1400_firmware	eq	1.00.02

References

seclists.org/fulldisclosure/2017/Feb/66

www.securityfocus.com/bid/96369

drive.google.com/file/d/0B6715xUqH18MeV9GOVE0ZmFrQUU/view