CSRF Vulnerability in Intelbras NPLUG Wireless Repeater
CVE-2018-12456

8.8HIGH

Key Information:

Vendor: Intelbras
Status: Nplug Firmware
Vendor: CVE Published:; 10 October 2018

Summary

The Intelbras NPLUG 1.0.0.14 wireless repeater is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability due to its lack of CSRF token protection in the web interface. This oversight allows attackers to exploit the device by executing unauthorized actions, such as modifying the wireless SSID, rebooting the device, altering access control lists, or enabling remote access, thereby compromising network security.

References

http://seclists.org/fulldisclosure/2018/Oct/18

mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 10, 2018
Vulnerability Reserved
Jun 15, 2018