Description
Incorrect access control in actionHandlerUtility.php in the RDK RDKB-20181217-1 WebUI module allows a logged in user to control DDNS, QoS, RIP, and other privileged configurations (intended only for the network operator) by sending an HTTP POST to the PHP backend, because the page filtering for non-superuser (in header.php) is done only for GET requests and not for direct AJAX calls.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://dojo.bullguard.com/dojo-by-bullguard/blog/the-gateway-is-wide-open
Scores
CVSS v3
6.5
EPSS
0.0093
EPSS Percentile
56.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-862
Status
published
Products (1)
rdkcentral/rdkb_ccsppandm
rdkb-20181217-1
Published
Jun 20, 2019
Tracked Since
Feb 18, 2026