CVE-2017-11646

Published: Jul 28, 2017Modified: May 13, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to CSRF attacks, as demonstrated by using administration.html to disable the firewall. They does not contain any token that can mitigate CSRF vulnerabilities within the device.

Affected (2)

Products: Netcomm: 4gt101w Software, 4gt101w Bootloader

2 products

4gt101w Software

4gt101w Bootloader

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Netcomm 4gt101w Software	Version 1.1.8.8
Netcomm 4gt101w Bootloader	Version 1.1.3

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://iscouncil.blogspot.com/2017/07/cross-site-request-forgery.html

Source: cve@mitre.org

Third Party Advisory

https://iscouncil.blogspot.com/2017/07/cross-site-request-forgery.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.