CVE-2017-16886

Published: Jan 12, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services via CSRF can result in an unauthorized change of username or password of the administrator of the portal.

Affected (1)

Products: Fiberhome: Lm53q1 Firmware

1 product

Lm53q1 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Fiberhome Lm53q1 Firmware	Version vh519r05c01s38

Running on/with	Platform Versions
Fiberhome Lm53q1	All versions

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

http://seclists.org/fulldisclosure/2018/Jan/28

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://www.exploit-db.com/exploits/43460/

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2018/Jan/28

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://www.exploit-db.com/exploits/43460/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

Timeline

No history available yet.