CSRF Change Admin Password And Add User

vendor:

Wag120n

by:

Khashayar Fereidani

7.5

CVSS

HIGH

CSRF

CWE

Product Name: Wag120n

Affected Version From:

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

CSRF Change Admin Password And Add User

This exploit allows an attacker to change the admin password and add a user on Linksys Cisco Wag120n and similar versions. The attacker can use the 'sysPasswd' and 'sysConfirmPasswd' fields to set a new password.

Mitigation:

Source

CSRF Change Admin Password And Add User

Mitigation:

Exploit-DB raw data: