Details of VAR-201203-0518

ID

VAR-201203-0518

TITLE

Sitecom WLM-2501 Cross-Site Request Forgery Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2012-1562

DESCRIPTION

The Sitecom WLM-2501 is a router device. Sitecom WLM-2501 has multiple CSRF vulnerabilities. Attackers build malicious URIs, entice users to resolve, perform administrator actions in the target user context, and change router parameters. Sitecom WLM-2501 is prone to multiple cross-site request-forgery vulnerabilities because the device fails to properly validate HTTP requests. Attackers can exploit these issues to gain unauthorized access to the affected device and perform certain administrative actions

Trust: 0.81

sources: CNVD: CNVD-2012-1562 // BID: 52700

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2012-1562

AFFECTED PRODUCTS

vendor:

sitecom

model:

wlm-2501

scope:

version:

Trust: 0.9

sources: CNVD: CNVD-2012-1562 // BID: 52700

THREAT TYPE

network

Trust: 0.3

sources: BID: 52700

TYPE

Design Error

Trust: 0.3

sources: BID: 52700

EXTERNAL IDS

db:	BID	id:	52700	Trust: 0.9
db:	CNVD	id:	CNVD-2012-1562	Trust: 0.6

sources: CNVD: CNVD-2012-1562 // BID: 52700

REFERENCES

url:	http://www.webapp-security.com/2012/03/sitecom-wlm-2501-multiple-csrf-vulnerabilities/	Trust: 0.9
url:	http://www.sitecom.com/wireless-modem-router-300n/p/859	Trust: 0.3

sources: CNVD: CNVD-2012-1562 // BID: 52700

CREDITS

Ivano Binetti

Trust: 0.3

sources: BID: 52700

SOURCES

db:	CNVD	id:	CNVD-2012-1562
db:	BID	id:	52700

LAST UPDATE DATE

2022-05-17T02:04:44.285000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2012-1562	date:	2012-03-27T00:00:00
db:	BID	id:	52700	date:	2012-03-22T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2012-1562	date:	2012-03-27T00:00:00
db:	BID	id:	52700	date:	2012-03-22T00:00:00