CVE-2017-6127
HIGHDIGISOL DG-HR1400 Firmware 1.00.02 - Cross-Site Request Forgery via form2WlanBasicSetup.cgi
Title source: llmDescription
Multiple cross-site request forgery (CSRF) vulnerabilities in the access portal on the DIGISOL DG-HR1400 Wireless Router with firmware 1.00.02 allow remote attackers to hijack the authentication of administrators for requests that (1) change the SSID, (2) change the Wi-Fi password, or (3) possibly have unspecified other impact via crafted requests to form2WlanBasicSetup.cgi.
References (3)
Core 3
Core References
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2017/Feb/66
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/96369
Exploit, Third Party Advisory x_refsource_misc
https://drive.google.com/file/d/0B6715xUqH18MeV9GOVE0ZmFrQUU/view
Scores
CVSS v3
8.8
EPSS
0.0080
EPSS Percentile
52.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-352
Status
published
Products (1)
digisol/dg-hr1400_firmware
1.00.02
Published
Feb 21, 2017
Tracked Since
Feb 18, 2026