// For flags

CVE-2018-12456

NPLUG Wireless Repeater 1.0.0.14 CSRF / XSS / Authentication Bypass

Severity Score

8.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device, editing access control lists, or activating remote access.

Los dispositivos de repetidores inalámbricos Intelbras NPLUG 1.0.0.14 no tienen protección de tokens Cross-Site Request Forgery (CSRF) en la interfaz web, lo que permite que los atacantes realicen acciones como el cambio del SSID inalámbrico, reiniciar el dispositivo, editar listas de control de acceso o activar el acceso remoto.

NPLUG Wireless Repeater version 1.0.0.14 suffers from authentication bypass, cross site request forgery, and cross site scripting vulnerabilities.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-06-15 CVE Reserved
  • 2018-10-09 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (1)
URL Tag Source
URL Date SRC
http://seclists.org/fulldisclosure/2018/Oct/18 2024-08-05
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Intelbras
Search vendor "Intelbras"
 Nplug Firmware
Search vendor "Intelbras" for product "Nplug Firmware"
 1.0.0.14
Search vendor "Intelbras" for product "Nplug Firmware" and version "1.0.0.14"
-
Affected
in Intelbras
Search vendor "Intelbras"
 Nplug
Search vendor "Intelbras" for product "Nplug"
--
Safe