CVE-2018-12456
HIGHIntelbras NPLUG 1.0.0.14 - Cross-Site Request Forgery
Title source: llmDescription
Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device, editing access control lists, or activating remote access.
References (1)
Core 1
Core References
Exploit, Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2018/Oct/18
Scores
CVSS v3
8.8
EPSS
0.0089
EPSS Percentile
55.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-352
Status
published
Products (1)
intelbras/nplug_firmware
1.0.0.14
Published
Oct 10, 2018
Tracked Since
Feb 18, 2026