CVE-2017-9930

HIGH

Green Packet DX-350 Firmware v2.8.9.5-g1.4.8-atheeb - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Description

Cross-Site Request Forgery (CSRF) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by a request to ajax.cgi that enables UPnP.

References (1)

Core 1
Core References

Scores

CVSS v3 8.8
EPSS 0.0048
EPSS Percentile 37.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (1)
greenpacket/dx-350_firmware 2.8.9.5-g1.4.8-atheeb
Published Jul 21, 2017
Tracked Since Feb 18, 2026