Cross-Site Request Forgery Vulnerability in Belkin F9K1102 Devices
CVE-2015-5990

8.8HIGH

Key Information:

Vendor: Zyxel
Status: Gs1900-10HP Firmware
Vendor: CVE Published:; 31 December 2015

What is CVE-2015-5990?

A Cross-Site Request Forgery (CSRF) vulnerability exists in Belkin F9K1102 devices running firmware version 2.10.17. This flaw allows remote attackers to exploit the affected devices by hijacking the authentication process of arbitrary users, leading to unauthorized actions being performed on behalf of legitimate users. It is crucial for users to implement preventive measures and updates to safeguard their systems from potential attacks.

References

https://www.kb.cert.org/vuls/id/201168

third-party-advisoryx_refsource_CERT-VN

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 31, 2015
Vulnerability Reserved
Aug 14, 2015

Zyxel

What is CVE-2015-5990?

References

CVSS V3.1

Timeline