Vendor: HG510
By: Unknown
CVSS: 7.5 HIGH
Cross-Site Request Forgery
CWE: Unknown
Product Name: HG510
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: CVE-Unknown
CPE: h:huawei:hg510
Platforms Tested: Unknown
Multiple Cross-Site Request Forgery Vulnerabilities in Huawei HG510
Huawei HG510 is prone to multiple cross-site request forgery (CSRF) vulnerabilities. Successful exploits may allow attackers to run privileged commands on the affected device, change its configuration, cause denial-of-service conditions, or inject arbitrary script code. Other attacks are also possible. The following example URI is available: http://www.example.com/password.cgi?sysPassword=BASE64_NEW_PASSWORD
Mitigation:
Implement strong CSRF protections, validate and sanitize user input, and regularly update the firmware to the latest version.
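Because no patch exists, monitoring is the practical control. The following detection sketch is an added example, not part of the original advisory: it flags requests to the password.cgi?sysPassword= endpoint named above whose Referer is missing or points at another host. The router address, the combined log format from a proxy in front of the device, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

ROUTER_HOST = "192.168.1.1"  # assumption: address of the HG510 admin interface

# Combined log format, as written by a proxy in front of the device (assumption).
LOG_RE = re.compile(
    r'\S+ \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"'
)

def is_suspect(line, router_host=ROUTER_HOST):
    """True for a password.cgi?sysPassword=... request whose Referer is
    missing or names a host other than the router itself."""
    m = LOG_RE.match(line)
    if not m:
        return False
    target = urlsplit(m["target"])
    if not target.path.endswith("/password.cgi"):
        return False
    if "sysPassword" not in parse_qs(target.query, keep_blank_values=True):
        return False
    referer = m["referer"]
    if referer in ("", "-"):
        return True  # no Referer: cannot be tied to the admin UI, so review it
    return urlsplit(referer).hostname != router_host

def suspect_lines(lines, router_host=ROUTER_HOST):
    """Indices of log lines that is_suspect() flags."""
    return [i for i, line in enumerate(lines) if is_suspect(line, router_host)]

# Constructed sample log lines (not captured from a real device).
_PW = '"GET /password.cgi?sysPassword=QUJD HTTP/1.1" 200 512'
_TS = '192.168.1.23 - - [01/Jan/2024:10:00:00 +0000]'
SAMPLE_LOG = [
    f'{_TS} {_PW} "http://192.168.1.1/" "Mozilla/5.0"',
    f'{_TS} {_PW} "http://forum.example.net/thread/42" "Mozilla/5.0"',
    f'{_TS} {_PW} "-" "Mozilla/5.0"',
    f'{_TS} "GET /info.html HTTP/1.1" 200 900 "http://forum.example.net/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for i in suspect_lines(SAMPLE_LOG):
        print("review:", SAMPLE_LOG[i])
```

A missing Referer can also come from a privacy setting or a hand-typed URL, so treat those hits as items to review rather than confirmed forgeries.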