Vendor: FASTgate
By: Raffaele Sabato
CVSS: 8.8 (HIGH)
CWE: 352, Cross-site request forgery (CSRF)
Product Name: FASTgate
Affected Version From: 0.00.47
Affected Version To: 0.00.47
Patch Exists: YES
Related CVE: CVE-2018-6023
CPE: h:fastweb:fastgate
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: None
2018

Fastweb FASTgate 0.00.47 CSRF

An issue was discovered in the Fastweb FASTgate 0.00.47 device. A cross-site request forgery (CSRF) vulnerability allows remote attackers to hijack the authentication of users for requests that modify the configuration. This vulnerability may lead to Guest Wi-Fi activation, Wi-Fi password changes, etc.

Mitigation:

Fastweb independently patched customer devices with non-vulnerable version .67 from December 2017 through March 2018.