CVE-2018-12456

Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device, editing access control lists, or activating remote access.
References
Link Resource
http://seclists.org/fulldisclosure/2018/Oct/18 Exploit Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2018/Oct/18 Exploit Mailing List Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:intelbras:nplug_firmware:1.0.0.14:*:*:*:*:*:*:*
cpe:2.3:h:intelbras:nplug:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:45

Type Values Removed Values Added
References () http://seclists.org/fulldisclosure/2018/Oct/18 - Exploit, Mailing List, Third Party Advisory () http://seclists.org/fulldisclosure/2018/Oct/18 - Exploit, Mailing List, Third Party Advisory

Information

Published : 2018-10-10 21:29

Updated : 2024-11-21 03:45


NVD link : CVE-2018-12456

Mitre link : CVE-2018-12456

CVE.ORG link : CVE-2018-12456


JSON object : View

Products Affected

intelbras

  • nplug_firmware
  • nplug
CWE
CWE-352

Cross-Site Request Forgery (CSRF)