CVE-2017-11646
HIGHNetComm Wireless 4GT101W - Cross-Site Request Forgery via Administration Interface
Title source: llmDescription
NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to CSRF attacks, as demonstrated by using administration.html to disable the firewall. They does not contain any token that can mitigate CSRF vulnerabilities within the device.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://iscouncil.blogspot.com/2017/07/cross-site-request-forgery.html
Scores
CVSS v3
8.8
EPSS
0.0045
EPSS Percentile
36.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-352
Status
published
Products (2)
netcomm/4gt101w_bootloader
1.1.3
netcomm/4gt101w_software
1.1.8.8
Published
Jul 28, 2017
Tracked Since
Feb 18, 2026