Cross-Site Request Forgery in Linksys Router Software
CVE-2013-3068

Currently unrated

Key Information:

Vendor: Cisco
Status: Linksys Wrt310n Router Firmware; Linksys Wrt350n
Vendor: CVE Published:; 29 September 2014

Summary

A Cross-Site Request Forgery flaw exists in the Linksys WRT310Nv2 router, specifically within the apply.cgi module. This vulnerability can be exploited by remote attackers to bypass authentication, allowing them to execute unauthorized actions on behalf of an authenticated administrator. Such actions include changing passwords and modifying remote management settings, which can lead to unauthorized access and control of the device.

References

http://securityevaluators.com/knowledge/case_studies/rout...

x_refsource_MISC

http://securityevaluators.com/knowledge/case_studies/rout...

x_refsource_MISC

Timeline

Vulnerability published
Sep 29, 2014
Vulnerability Reserved
Apr 15, 2013