CVE-2018-25150

Ecessa ShieldLink SL175EHQ 10.7.4 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious web page with a hidden form to add a superuser account by tricking a logged-in administrator...

CVE-2018-25150

CVE-2018-25150 affects Ecessa ShieldLink SL175EHQ, version 10.7.4. The flaw is a cross-site request forgery that lets an attacker create an administrative user without authentication by luring a logged-in admin to load a crafted page (hidden form). Public references in connected documents corrobo...

CVE-2018-25150 Ecessa ShieldLink SL175EHQ 10.7.4 Cross-Site Request Forgery via User Configuration

Ecessa ShieldLink SL175EHQ 10.7.4 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious web page with a hidden form to add a superuser account by tricking a logged-in administrator...

CVE-2018-25150 Ecessa ShieldLink SL175EHQ 10.7.4 Cross-Site Request Forgery via User Configuration

Ecessa ShieldLink SL175EHQ 10.7.4 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious web page with a hidden form to add a superuser account by tricking a logged-in administrator...

Ecessa ShieldLink SL175EHQ 跨站请求伪造漏洞

Ecessa ShieldLink SL175EHQ is a multilink load balancing gateway from Ecessa USA. A cross-site request forgery vulnerability exists in Ecessa ShieldLink SL175EHQ version 10.7.4, which stems from susceptibility to a cross-site request forgery attack that could lead to the creation of an...

PT-2025-53370

Ecessa ShieldLink SL175EHQ 10.7.4 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious web page with a hidden form to add a superuser account by tricking a logged-in administrator...

Ecessa ShieldLink Detection (SNMP)

Checks if the target is an Ecessa ShieldLink or PowerLink device, and, if so, retrieves the version using SNMP. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Ecessa ShieldLink/PowerLink Detection (Telnet)

Checks if the target is an Ecessa ShieldLink or PowerLink device, and, if so, retrieves the version using Telnet. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Ecessa ShieldLink / PowerLink Detection Consolidation

Consolidation of Ecessa ShieldLink or PowerLink detections. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

ECESSA ShieldLink SL175EHQ Cross-Site Request Forgery Vulnerability

ECESSA ShieldLink SL175EHQ is a WAN link controller from ECESSA, which includes ISP/WAN link aggregation, load balancing and traffic monitoring. A cross-site request forgery vulnerability exists in ECESSA ShieldLink SL175EHQ version 10.7.4. A remote attacker can exploit this vulnerability to add ...

CVE-2018-13032

ECESSA ShieldLink SL175EHQ 10.7.4 devices have CSRF to add superuser accounts via the cgi-bin/plweb.cgi/utilconfigloginact URI...

Cross site request forgery (csrf)

ECESSA ShieldLink SL175EHQ 10.7.4 devices have CSRF to add superuser accounts via the cgi-bin/plweb.cgi/utilconfigloginact URI...

CVE-2018-13032

ECESSA ShieldLink SL175EHQ 10.7.4 devices have CSRF to add superuser accounts via the cgi-bin/plweb.cgi/utilconfigloginact URI...

CVE-2018-13032

ECESSA ShieldLink SL175EHQ 10.7.4 devices have CSRF to add superuser accounts via the cgi-bin/plweb.cgi/utilconfigloginact URI...

CVE-2018-13032

ECESSA ShieldLink SL175EHQ devices running in 10.7.4 are affected by a CSRF vulnerability in the cgi-bin/pl_web.cgi/util_configlogin_act endpoint, enabling an attacker to add a superuser account. The issue is documented across multiple sources (NVD/NVDC CNVD) with explicit version 10.7.4 and the ...

Ecessa ShieldLink SL175EHQ < 10.7.4 - Cross-Site Request Forgery (Add Superuser) Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Ecessa ShieldLink SL175EHQ 10.7.4 - Cross-Site Request Forgery Add Superuser Vendor: Ecessa Corporation Product web page: https://www.ecessa.com Affected version: 10.7.4, 10.6.9, 10.7.4, 10.6.5.2, 10.5.4, 10.2.24, 9.2.24...

Ecessa ShieldLink SL175EHQ 10.7.4 Add Superuser Cross Site Request Forgery

input type="h...

Ecessa ShieldLink SL175EHQ 10.7.4 - Cross-Site Request Forgery (Add Superuser)

Ecessa ShieldLink SL175EHQ 10.7.4 - Cross-Site Request Forgery Add Superuser Exploit Title: Ecessa ShieldLink SL175EHQ 10.7.4 - Cross-Site Request Forgery Add Superuser Date: 2018-05-21 Vendor: Ecessa Corporation Product web page: https://www.ecessa.com Affected version: 10.7.4, 10.6.9, 10.7.4,...

Ecessa ShieldLink SL175EHQ &lt; 10.7.4 - Cross-Site Request Forgery (Add Superuser)

Exploit Title: Ecessa ShieldLink SL175EHQ 10.7.4 - Cross-Site Request Forgery Add Superuser Date: 2018-05-21 Vendor: Ecessa Corporation Product web page: https://www.ecessa.com Affected version: 10.7.4, 10.6.9, 10.7.4, 10.6.5.2, 10.5.4, 10.2.24, 9.2.24 Summary: Ecessa's ShieldLink 60, 175, 600,12...

Ecessa ShieldLink SL175EHQ 10.7.4 CSRF Add Superuser Exploit

Summary Ecessa's ShieldLink 60, 175, 600,1200 & 4000 are advanced, yet highly affordable secure WAN Optimization Controllers that incorporate all of the ISP/WAN link. Description The application interface allows users to perform certain actions via HTTP requests without performing any validity...