Cross-Site Request Forgery in Linksys EA4500 Devices by Cisco
CVE-2017-10677

8.8HIGH

Key Information:

Vendor: Linksys
Status: Ea4500 Firmware
Vendor: CVE Published:; 6 August 2017

What is CVE-2017-10677?

A Cross-Site Request Forgery vulnerability affects Linksys EA4500 devices running firmware prior to version 2.1.41.164606, allowing attackers to perform unauthorized actions on behalf of users. This vulnerability can be exploited by sending a crafted request, which may manipulate device settings without user consent. Owners of these devices should ensure they are running the latest firmware to mitigate the risk of exploitation.

References

https://iscouncil.blogspot.com/2017/08/cross-site-request...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 6, 2017
Vulnerability Reserved
Jun 29, 2017