CVE-2013-0126

Опубликовано: 21 мар. 2013

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Multiple cross-site request forgery (CSRF) vulnerabilities in index.cgi on the Verizon FIOS Actiontec MI424WR-GEN3I router with firmware 40.19.36 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via the username and user_level parameters or (2) enable remote administration via the is_telnet_primary and is_telnet_secondary parameters.

Ссылки

http://infosec42.blogspot.com/2013/03/verizon-fios-router-csrf-cve-2013-0126.html
Exploit
http://www.exploit-db.com/exploits/24860/
Exploit
http://www.kb.cert.org/vuls/id/278204
US Government Resource
http://infosec42.blogspot.com/2013/03/verizon-fios-router-csrf-cve-2013-0126.html
Exploit
http://www.exploit-db.com/exploits/24860/
Exploit
http://www.kb.cert.org/vuls/id/278204
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:verizon:fios_actiontec_mi424wr-gen31_router_firmware:40.19.36:*:*:*:*:*:*:*

cpe:2.3:h:verizon:fios_actiontec_mi424wr-gen31_router:-:*:*:*:*:*:*:*

EPSS

Процентиль: 76%

0.00938

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-9q7x-frf8-7235

github

почти 4 года назад