Description
Incorrect Access Control in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to perform any HTTP request to an unauthenticated page to force the server to generate a SESSION_ID, and using this SESSION_ID an attacker can then perform authenticated requests.
References
- Broken Link
- Broken Link
- Exploit, Third Party Advisory
- Broken Link
- Broken Link
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1
Simultaneously
cpe:2.3:o:comfast:cf-wr610n_firmware:2.3.1:*:*:*:*:*:*:*
cpe:2.3:h:comfast:cf-wr610n:-:*:*:*:*:*:*:*
EPSS
Percentile: 27%
0.00096
Low
5.4 Medium
CVSS3
Weaknesses
CWE-287
Related vulnerabilities
CVSS3: 5.4
github
more than 2 years ago
Incorrect Access Control in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to perform any HTTP request to an unauthenticated page to force the server to generate a SESSION_ID, and using this SESSION_ID an attacker can then perform authenticated requests.