vendor:
CT-5361T ADSL Router
by:
SecurityFocus
7,5
CVSS
HIGH
Cross-Site Scripting and Cross-Site Request-Forgery
79,352
CWE
Product Name: CT-5361T ADSL Router
Affected Version From: A111-312SSG-T02_R01
Affected Version To: A111-312SSG-T02_R01
Patch Exists: YES
Related CWE: N/A
CPE: h:comtrend:ct-5361t_adsl_router
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2013
Comtrend CT-5361T ADSL Router Cross-Site Scripting and Cross-Site Request-Forgery Vulnerabilities
Comtrend CT-5361T ADSL Router is prone to a cross-site scripting vulnerability and a cross-site request-forgery vulnerability. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, add, delete or modify sensitive information, or perform unauthorized actions. Other attacks are also possible.
Mitigation:
Users should avoid following untrusted links and should never enter sensitive information into a web page unless they are certain that the page is secure.
