Cross-Site Request Forgery Vulnerability in Cisco Small Business Routers
CVE-2011-4005

Currently unrated

Key Information:

Vendor: Cisco
Status: Small Business Srp521w; Small Business Srp526w; Small Business Srp527w; Small Business Srp520 Series Firmware
Vendor: CVE Published:; 3 November 2011

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists within the web interface of the Cisco Small Business SRP521W, SRP526W, SRP527W, SRP541W, SRP546W, and SRP547W routers that allows remote attackers to execute arbitrary commands by hijacking the session of authenticated administrators. This flaw affects devices running firmware versions prior to specified thresholds and exposes management functionalities to unauthorized access, leading to potential system compromises.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://secunia.com/advisories/46664

third-party-advisoryx_refsource_SECUNIA

http://www.securitytracker.com/id?1026266

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Nov 3, 2011
Vulnerability Reserved
Oct 6, 2011