CVE-2017-6127

Published: Feb 21, 2017Modified: May 13, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the access portal on the DIGISOL DG-HR1400 Wireless Router with firmware 1.00.02 allow remote attackers to hijack the authentication of administrators for requests that (1) change the SSID, (2) change the Wi-Fi password, or (3) possibly have unspecified other impact via crafted requests to form2WlanBasicSetup.cgi.

Affected (1)

Products: Digisol: Dg Hr1400 Firmware

1 product

Dg Hr1400 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Digisol Dg Hr1400 Firmware	Version 1.00.02

Running on/with	Platform Versions
Digisol Dg Hr1400	All versions

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (6)

http://seclists.org/fulldisclosure/2017/Feb/66

Source: cve@mitre.org

http://www.securityfocus.com/bid/96369

Source: cve@mitre.org

https://drive.google.com/file/d/0B6715xUqH18MeV9GOVE0ZmFrQUU/view

Source: cve@mitre.org

ExploitThird Party Advisory

http://seclists.org/fulldisclosure/2017/Feb/66

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/96369

Source: af854a3a-2127-422b-91ae-364da2661108

https://drive.google.com/file/d/0B6715xUqH18MeV9GOVE0ZmFrQUU/view

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.