CVE-2018-12456

HIGH

Intelbras NPLUG 1.0.0.14 - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Description

Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device, editing access control lists, or activating remote access.

References (1)

Core 1
Core References
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2018/Oct/18

Scores

CVSS v3 8.8
EPSS 0.0089
EPSS Percentile 55.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (1)
intelbras/nplug_firmware 1.0.0.14
Published Oct 10, 2018
Tracked Since Feb 18, 2026