Cross-Site Request Forgery in Netis DL4323 Devices
CVE-2019-20071

6.5MEDIUM

Key Information:

Vendor

Netis-systems

Status
Dl4343 Firmware
Vendor
CVE Published:
30 December 2019

What is CVE-2019-20071?

The Netis DL4323 devices are susceptible to Cross-Site Request Forgery (CSRF) vulnerabilities, allowing attackers to send unauthorized commands via crafted requests. This vulnerability specifically targets the log management feature through the form2logaction.cgi interface, enabling attackers to remotely delete all logs from the device without proper authorization. Users are advised to implement necessary security measures to mitigate these risks.

References

https://drive.google.com/open?id=1XtSsH-1ApxRS7VExubz8zBE...
x_refsource_MISC
https://drive.google.com/open?id=1p4HJ5C20TqY0rVNffdD5Zd7...
x_refsource_MISC
https://fatihhcelik.blogspot.com/2019/12/csrf-vulnerabili...
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2019-20071 : Cross-Site Request Forgery in Netis DL4323 Devices