2 results (0.004 seconds)

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 2

Multiple cross-site request forgery (CSRF) vulnerabilities in Sitecom WLM-2501 allow remote attackers to hijack the authentication of administrators for requests that modify settings for (1) Mac Filtering via admin/formFilter, (2) IP/Port Filtering via formFilter, (3) Port Forwarding via formPortFw, (4) Wireless Access Control via admin/formWlAc, (5) Wi-Fi Protected Setup via formWsc, (6) URL Blocking Filter via formURL, (7) Domain Blocking Filter via formDOMAINBLK, and (8) IP Address ACL Filter via admin/formACL in goform/, different vectors than CVE-2012-1921. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en Sitecom WLM-2501, permite a atacantes remotos secuestrar la autenticación de los administradores para solicitudes que modifican la configuración para (1) Mac Filtering mediante admin/formFilter, (2) IP/Port Filtering mediante formFilter, (3) Port Forwarding mediante formPortFw, (4) Wireless Access Control mediante admin/formWlAc, (5) Wi-Fi Protected Setup mediante formWsc, (6) URL Blocking Filter mediante formURL, (7) Domain Blocking Filter mediante formDOMAINBLK, y (8) IP Address ACL Filter mediante admin/formACL en goform/, vectores diferentes a CVE-2012-1921. • https://www.exploit-db.com/exploits/18651 https://www.exploit-db.com/exploits/18597 http://www.webapp-security.com/2012/03/sitecom-wlm-2501-multiple-csrf-vulnerabilities http://www.webapp-security.com/wp-content/uploads/2012/03/Sitecom-WLM-2501-new-Multiple-CSRF-Vulnerabilities-1.txt • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 2

Cross-site request forgery (CSRF) vulnerability in goform/admin/formWlEncrypt in Sitecom WLM-2501 allows remote attackers to hijack the authentication of administrators for requests that change the router passphrase via the pskValue parameter. Vulnerabilidad de falsificación de peticiones en sitios cruzados (CSRF) en goform/admin/formWlEncrypt en Sitecom WLM-2501 permite a atacantes remotos secuestrar la autenticación de los administradores de las peticiones que cambian la contraseña del router a través del parámetro pskValue. • https://www.exploit-db.com/exploits/18651 https://www.exploit-db.com/exploits/18597 http://ivanobinetti.blogspot.com/2012/03/sitecom-wlm-2501-change-wireless.html http://packetstormsecurity.org/files/110770/Sitecom-WLM-2501-Cross-Site-Request-Forgery.html • CWE-352: Cross-Site Request Forgery (CSRF) •