exploitDog

CVE-2021-32424

Опубликовано: 17 июн. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

In TrendNet TW100-S4W1CA 2.3.32, due to a lack of proper session controls, a threat actor could make unauthorized changes to an affected router via a specially crafted web page. If an authenticated user were to interact with a malicious web page it could allow for a complete takeover of the router.

Ссылки

https://github.com/Galapag0s/Trendnet_TW100-S4W1CA/blob/main/writeup_CSRF.txt
Third Party Advisory
https://github.com/Galapag0s/Trendnet_TW100-S4W1CA/blob/main/writeup_CSRF.txt
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:trendnet:tw100-s4w1ca_firmware:2.3.32:*:*:*:*:*:*:*

cpe:2.3:h:trendnet:tw100-s4w1ca:-:*:*:*:*:*:*:*

EPSS

Процентиль: 53%

0.00305

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-hfjh-h3g2-p6m4

github

больше 3 лет назад

In TrendNet TW100-S4W1CA 2.3.32, due to a lack of proper session controls, a threat actor could make unauthorized changes to an affected router via a specially crafted web page. If an authenticated user were to interact with a malicious web page it could allow for a complete takeover of the router.

EPSS

Процентиль: 53%

0.00305

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352