CVE-2013-6852
HP 2620-24-PoE+ Switch - Cross-Site Request Forgery via setPassword Method
Exploitation Summary
EIP tracks 1 public exploit for CVE-2013-6852. PoCs published by Hubert Gradek.
AI-analyzed exploit summary: This exploit demonstrates a CSRF vulnerability in the Hewlett-Packard 2620 Switch Series, allowing an attacker to change the admin password via a crafted POST request. The exploit requires the victim to be authenticated and tricked into submitting the request.
Description
Cross-site request forgery (CSRF) vulnerability in html/json.html on HP 2620 switches allows remote attackers to hijack the authentication of administrators for requests that change an administrative password via the setPassword method.
Exploits (1)
This exploit demonstrates a CSRF vulnerability in the Hewlett-Packard 2620 Switch Series, allowing an attacker to change the admin password via a crafted POST request. The exploit requires the victim to be authenticated and tricked into submitting the request.