CVE-2012-1921

Sažetak

Cross-site request forgery (CSRF) vulnerability in goform/admin/formWlEncrypt in Sitecom WLM-2501 allows remote attackers to hijack the authentication of administrators for requests that change the router passphrase via the pskValue parameter.

Reference

http://ivanobinetti.blogspot.com/2012/03/sitecom-wlm-2501-change-wireless.html
http://packetstormsecurity.org/files/110770/Sitecom-WLM-2501-Cross-Site-Request-Forgery.html

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

24-01-2013 - 05:00

Objavljeno

26-08-2012 - 20:55