Lucene search

MitreVULNRICHMENT:CVE-2023-24048

HistoryDec 04, 2023 - 12:00 a.m.

CVE-2023-24048

2023-12-0400:00:00

mitre

github.com

cve-2023-24048

cross site request forgery

connectize ac21000

man_password.htm

AI Score

7.3

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Cross Site Request Forgery (CSRF) vulnerability in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of the device via crafted GET request to /man_password.htm.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:o:connectize:ac21000_g6_firmware:*:*:*:*:*:*:*:*"
    ],
    "vendor": "connectize",
    "product": "ac21000_g6_firmware",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "641.139.1.1256"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

research.nccgroup.com/2023/10/19/technical-advisory-multiple-vulnerabilities-in-connectize-g6-ac2100-dual-band-gigabit-wifi-router-cve-2023-24046-cve-2023-24047-cve-2023-24048-cve-2023-24049-cve-2023-24050-cve-2023-24051-cve/