Описание
Multiple cross-site request forgery (CSRF) vulnerabilities in the web-based management utility on the NEC AtermWR9500N, AtermWR8600N, AtermWR8370N, AtermWR8160N, AtermWM3600R, and AtermWM3450RN routers allow remote attackers to hijack the authentication of administrators for requests that (1) initialize settings or (2) reboot the device.
Ссылки
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:h:nec:atermwm3450rn:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:atermwm3600r:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:atermwr8160n:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:atermwr8370n:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:atermwr8600n:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:atermwr9500n:-:*:*:*:*:*:*:*
EPSS
Процентиль: 40%
0.00184
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
github
больше 3 лет назад
Multiple cross-site request forgery (CSRF) vulnerabilities in the web-based management utility on the NEC AtermWR9500N, AtermWR8600N, AtermWR8370N, AtermWR8160N, AtermWM3600R, and AtermWM3450RN routers allow remote attackers to hijack the authentication of administrators for requests that (1) initialize settings or (2) reboot the device.
EPSS
Процентиль: 40%
0.00184
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-352