CVE-2018-10080
HIGHSecutech RiS-11, RiS-22, RiS-33 <5.07.52_es_FRI01 - CSRF
Title source: llmDescription
Secutech RiS-11, RiS-22, and RiS-33 devices with firmware V5.07.52_es_FRI01 allow DNS settings changes via a goform/AdvSetDns?GO=wan_dns.asp request in conjunction with a crafted admin cookie.
Exploits (1)
exploitdb
WORKING POC
by Todor Donev · bashwebappshardware
https://www.exploit-db.com/exploits/44393
Scores
CVSS v3
8.6
EPSS
0.0011
EPSS Percentile
28.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Details
CWE
CWE-345
Status
published
Products (3)
secutech_project/ris-11_firmware
5.07.52_es_fri01
secutech_project/ris-22_firmware
5.07.52_es_fri01
secutech_project/ris-33_firmware
5.07.52_es_fri01
Published
Apr 13, 2018
Tracked Since
Feb 18, 2026