CVE-2019-6961
CVE-2019-6961 concerns the RDK WebUI module (RDKB-20181217-1) where access control for non-superuser actions is only enforced for GET requests; direct AJAX/POST requests bypass filtering in header.php, allowing a logged-in user to alter privileged settings (DDNS, QoS, RIP, etc.). The vulnerabilit...