Multiple cross-site request forgery (CSRF) vulnerabilities in the management interface on the A-LINK WL54AP3 and WL54AP2 access points before firmware 1.4.2-eng1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify the network configuration via certain parameters to goform/formWanTcpipSetup or (2) modify credentials via certain parameters to goform/formPasswordSetup.
oryginał ENCVSS Vector
AV:N/AC:M/Au:N/C:P/I:P/A:PA Link Wl54ap2
HWA-Link1.2.01.2.11.2.21.2.31.2.41.2.51.2.61.2.71.2.81.2.91.4.0≤ 1.4.1A Link Wl54ap3
HWA-Link1.2.01.2.11.2.21.2.31.2.41.2.51.2.61.2.71.2.81.2.91.4.0≤ 1.4.1
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE