CVE-2018-12456

Published: Oct 10, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device, editing access control lists, or activating remote access.

Affected (1)

Products: Intelbras: Nplug Firmware

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intelbras Nplug Firmware	Version 1.0.0.14

Running on/with	Platform Versions
Intelbras Nplug	All versions

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

http://seclists.org/fulldisclosure/2018/Oct/18

Source: cve@mitre.org

ExploitMailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2018/Oct/18

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListThird Party Advisory

Timeline

No history available yet.