CVE-2017-6127

HIGH

DIGISOL DG-HR1400 Firmware 1.00.02 - Cross-Site Request Forgery via form2WlanBasicSetup.cgi

Title source: llm
STIX 2.1

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the access portal on the DIGISOL DG-HR1400 Wireless Router with firmware 1.00.02 allow remote attackers to hijack the authentication of administrators for requests that (1) change the SSID, (2) change the Wi-Fi password, or (3) possibly have unspecified other impact via crafted requests to form2WlanBasicSetup.cgi.

References (3)

Core 3
Core References
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2017/Feb/66
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/96369
Exploit, Third Party Advisory x_refsource_misc
https://drive.google.com/file/d/0B6715xUqH18MeV9GOVE0ZmFrQUU/view

Scores

CVSS v3 8.8
EPSS 0.0080
EPSS Percentile 52.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (1)
digisol/dg-hr1400_firmware 1.00.02
Published Feb 21, 2017
Tracked Since Feb 18, 2026