CVE-2012-0314

Published: Feb 3, 2012Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Multiple cross-site request forgery (CSRF) vulnerabilities on the eAccess Pocket WiFi (aka GP02) router before 2.00 with firmware 11.203.11.05.168 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) initialize settings or (2) reboot the device.

Affected (2)

Products: Emobile: Pocket Wifi Firmware, Pocket Wifi

2 products

Pocket Wifi Firmware

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Emobile Pocket Wifi Firmware	Up to 11.203.11.05.168
Emobile Pocket Wifi	Up to 2.0

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (10)

http://emobile.jp/topics/info20120201_01.html

Source: vultures@jpcert.or.jp

http://jvn.jp/en/jp/JVN33021167/index.html

Source: vultures@jpcert.or.jp

http://jvndb.jvn.jp/jvndb/JVNDB-2012-000010

Source: vultures@jpcert.or.jp

http://secunia.com/advisories/47795

Source: vultures@jpcert.or.jp

http://www.securityfocus.com/bid/51782

Source: vultures@jpcert.or.jp

http://emobile.jp/topics/info20120201_01.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://jvn.jp/en/jp/JVN33021167/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://jvndb.jvn.jp/jvndb/JVNDB-2012-000010

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/47795

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/51782

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.