CVE-2012-5320

Sagem F@ST 2604 - Cross-Site Request Forgery via sysPassword Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-5320. PoCs published by KinG Of PiraTeS.

AI-analyzed exploit summary This exploit demonstrates a CSRF vulnerability in the Sagem F@ST 2604 router, allowing an attacker to change the admin password by tricking a logged-in user into visiting a malicious HTML page. The exploit submits a form to the router's password.cgi endpoint with a new password.

Description

Cross-site request forgery (CSRF) vulnerability in password.cgi in Sagem F@ST 2604 253180972B allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter.

Exploits (1)

exploitdb WORKING POC
by KinG Of PiraTeS · textwebappshardware
https://www.exploit-db.com/exploits/18504

This exploit demonstrates a CSRF vulnerability in the Sagem F@ST 2604 router, allowing an attacker to change the admin password by tricking a logged-in user into visiting a malicious HTML page. The exploit submits a form to the router's password.cgi endpoint with a new password.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Sagem F@ST 2604 (version 253180972B, possibly others)
Auth required
Prerequisites: Victim must be authenticated to the router's web interface · Attacker must trick the victim into visiting the malicious HTML page
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/73380
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/79649
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48088
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18504

Scores

EPSS 0.0109
EPSS Percentile 61.2%

Details

CWE
CWE-352
Status published
Products (2)
sagem/f\@st_2604
sagem/f\@st_2604_firmware 253180972b
Published Oct 08, 2012
Tracked Since Feb 18, 2026