Incorrect Access Control in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to perform any HTTP request to an unauthenticated page to force the server to generate a SESSION_ID, and using this SESSION_ID an attacker can then perform authenticated requests.
References
Link | Resource |
---|---|
http://cf-wr6110n.com | Broken Link |
http://comfast.com | Broken Link |
http://sn0ox.com/research/2023/02/05/CVE-COMFAST-CF-WR610N.html | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
08 Aug 2023, 14:22
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-287 |
Information
Published : 2023-02-13 14:15
Updated : 2024-02-28 19:51
NVD link : CVE-2022-45724
Mitre link : CVE-2022-45724
CVE.ORG link : CVE-2022-45724
JSON object : View
Products Affected
comfast
- cf-wr610n_firmware
- cf-wr610n
CWE
CWE-287
Improper Authentication