ID
VAR-201301-0216
CVE
CVE-2012-1922
TITLE
Sitecom WLM-2501 Vulnerable to cross-site request forgery
Trust: 0.8
DESCRIPTION
Multiple cross-site request forgery (CSRF) vulnerabilities in Sitecom WLM-2501 allow remote attackers to hijack the authentication of administrators for requests that modify settings for (1) Mac Filtering via admin/formFilter, (2) IP/Port Filtering via formFilter, (3) Port Forwarding via formPortFw, (4) Wireless Access Control via admin/formWlAc, (5) Wi-Fi Protected Setup via formWsc, (6) URL Blocking Filter via formURL, (7) Domain Blocking Filter via formDOMAINBLK, and (8) IP Address ACL Filter via admin/formACL in goform/, different vectors than CVE-2012-1921. Sitecom WLM-2501 Contains a cross-site request forgery vulnerability. The Sitecom WLM-2501 is a router device. Sitecom WLM-2501 has multiple CSRF vulnerabilities. Attackers build malicious URIs, entice users to resolve, perform administrator actions in the target user context, and change router parameters
Trust: 2.16
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
| category: | ['network device'] | sub_category: | router | Trust: 0.1 |
AFFECTED PRODUCTS
| vendor: | sitecom | model: | wlm-2501 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | sitecom | model: | wlm-2501 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | sitecom | model: | wlm-2501 | scope: | eq | version: | 0 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-352 | Trust: 1.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
cross-site request forgery
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | Wireless Modem Router 300N WLM-2501 | url: | http://www.sitecom.com/wireless-modem-router-300n/p/859 | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2012-1922 | Trust: 3.1 |
| db: | JVNDB | id: | JVNDB-2013-001239 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2013-00535 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-201301-477 | Trust: 0.6 |
| db: | OTHER | id: | NONE | Trust: 0.1 |
REFERENCES
| url: | http://www.webapp-security.com/wp-content/uploads/2012/03/sitecom-wlm-2501-new-multiple-csrf-vulnerabilities-1.txt | Trust: 1.6 |
| url: | http://www.webapp-security.com/2012/03/sitecom-wlm-2501-multiple-csrf-vulnerabilities | Trust: 1.6 |
| url: | http://www.webapp-security.com/2012/03/sitecom-wlm-2501-multiple-csrf-vulnerabilities/ | Trust: 1.4 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1922 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1922 | Trust: 0.8 |
| url: | https://ieeexplore.ieee.org/abstract/document/10769424 | Trust: 0.1 |
SOURCES
| db: | OTHER | id: | - |
| db: | CNVD | id: | CNVD-2013-00535 |
| db: | JVNDB | id: | JVNDB-2013-001239 |
| db: | CNNVD | id: | CNNVD-201301-477 |
| db: | NVD | id: | CVE-2012-1922 |
LAST UPDATE DATE
2025-04-11T22:12:02.010000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2013-00535 | date: | 2013-05-27T00:00:00 |
| db: | JVNDB | id: | JVNDB-2013-001239 | date: | 2013-01-25T00:00:00 |
| db: | CNNVD | id: | CNNVD-201301-477 | date: | 2013-01-25T00:00:00 |
| db: | NVD | id: | CVE-2012-1922 | date: | 2025-04-11T00:51:21.963 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2013-00535 | date: | 2013-01-25T00:00:00 |
| db: | JVNDB | id: | JVNDB-2013-001239 | date: | 2013-01-25T00:00:00 |
| db: | CNNVD | id: | CNNVD-201301-477 | date: | 2013-01-24T00:00:00 |
| db: | NVD | id: | CVE-2012-1922 | date: | 2013-01-24T01:55:02.223 |