CVE-2015-2676

Currently unrated

Key Information:

Vendor: Asus
Status: Rt-g32 Firmware
Vendor: CVE Published:; 23 March 2015

Summary

Cross-site request forgery (CSRF) vulnerability in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request to start_apply.htm.

References

http://seclists.org/fulldisclosure/2015/Mar/42

mailing-listx_refsource_FULLDISC

http://www.securityfocus.com/bid/73294

vdb-entryx_refsource_BID

http://packetstormsecurity.com/files/130724/ASUS-RT-G32-C...

x_refsource_MISC

EPSS Score

3% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 23, 2015
Vulnerability Reserved
Mar 23, 2015