CVE-2018-12456

Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device, editing access control lists, or activating remote access.
References
Link Resource
http://seclists.org/fulldisclosure/2018/Oct/18 Exploit Mailing List Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:intelbras:nplug_firmware:1.0.0.14:*:*:*:*:*:*:*
cpe:2.3:h:intelbras:nplug:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-10-10 21:29

Updated : 2024-02-28 16:48


NVD link : CVE-2018-12456

Mitre link : CVE-2018-12456

CVE.ORG link : CVE-2018-12456


JSON object : View

Products Affected

intelbras

  • nplug_firmware
  • nplug
CWE
CWE-352

Cross-Site Request Forgery (CSRF)