exploitDog

CVE-2020-12123

Опубликовано: 02 окт. 2020

Источник: nvd

CVSS3: 8.1

CVSS2: 7.8

EPSS Низкий

Описание

CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to remotely access router endpoints, because these endpoints do not contain CSRF tokens. If a user is authenticated in the router portal, then this attack will work.

Ссылки

https://cerne.xyz/bugs/CVE-2020-12123
Third Party Advisory
https://www.wavlink.com/en_us/product/WL-WN530H4.html
Product
Vendor Advisory
https://cerne.xyz/bugs/CVE-2020-12123
Third Party Advisory
https://www.wavlink.com/en_us/product/WL-WN530H4.html
Product
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:wavlink:wn530h4_firmware:m30h4.v5030.190403:*:*:*:*:*:*:*

cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:*

EPSS

Процентиль: 34%

0.00136

Низкий

8.1 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-c438-hq8x-xh4m

github

больше 3 лет назад

CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to remotely access router endpoints, because these endpoints do not contain CSRF tokens. If a user is authenticated in the router portal, then this attack will work.

EPSS

Процентиль: 34%

0.00136

Низкий

8.1 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-352