vendor: HG510
by: Unknown
CVSS: 7.5 HIGH
Cross-Site Request Forgery
CWE: Unknown
Product Name: HG510
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: CVE-Unknown
CPE: h:huawei:hg510
Metasploit:
Other Scripts:
Platforms Tested: Unknown

Multiple Cross-Site Request Forgery Vulnerabilities in Huawei HG510

Huawei HG510 is prone to multiple cross-site request-forgery vulnerabilities. Successful exploits may allow attackers to run privileged commands on the affected device, change configuration, cause denial-of-service conditions, or inject arbitrary script code. Other attacks are also possible. The following example URI is available: http://www.example.com/password.cgi?sysPassword=BASE64_NEW_PASSWORD.

Mitigation:

Implement strong CSRF protections, validate and sanitize user input, and regularly update the firmware to the latest version.
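
One way to apply the CSRF protections named above to a state-changing endpoint such as password.cgi, shown as an added example (not Huawei firmware code and not part of the original advisory). The function names, the csrf_token form field, the per-boot key, and the sample session id and addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Assumption: a random per-boot secret held only by the device's web server.
SERVER_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id: str) -> str:
    """Token bound to the admin session, embedded in the settings form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def check_state_change(method, headers, session_id, form):
    """Return (allowed, reason) for a request to a state-changing CGI."""
    # 1. Settings never change on GET, so a URL with the new value in the
    #    query string cannot alter the device.
    if method.upper() != "POST":
        return False, "state change requires POST"
    # 2. The request must originate from the device's own pages.
    source = headers.get("Origin") or headers.get("Referer") or ""
    if not headers.get("Host") or urlsplit(source).netloc != headers["Host"]:
        return False, "cross-origin or missing Origin/Referer"
    # 3. The form must carry the session-bound token (constant-time compare).
    sent = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(sent, issue_csrf_token(session_id).encode()):
        return False, "missing or invalid CSRF token"
    return True, "ok"


def demo():
    """Run constructed sample requests against the check."""
    sid, host = "constructed-session-id", "192.0.2.1"
    own = {"Host": host, "Origin": "http://" + host}
    foreign = {"Host": host, "Referer": "http://www.example.com/page.html"}
    good = {"sysPassword": "BASE64_NEW_PASSWORD", "csrf_token": issue_csrf_token(sid)}
    return [
        check_state_change("GET", foreign, sid, {}),
        check_state_change("POST", foreign, sid, {"sysPassword": "x"}),
        check_state_change("POST", own, sid, {"sysPassword": "x"}),
        check_state_change("POST", own, sid, good),
    ]


if __name__ == "__main__":
    for allowed, reason in demo():
        print(allowed, reason)
```

Only the last sample request, a same-origin POST carrying the session-bound token, is accepted; the other three are refused at the method, origin, and token checks respectively.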
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/38261/info

Huawei HG510 is prone to multiple cross-site request-forgery vulnerabilities.

Successful exploits may allow attackers to run privileged commands on the affected device, change configuration, cause denial-of-service conditions, or inject arbitrary script code. Other attacks are also possible. 

The following example URI is available:

http://www.example.com/password.cgi?sysPassword=BASE64_NEW_PASSWORD