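Vulnerability Title
N/A
Vulnerability Description
An issue was discovered with AL-R096 firmware on Securifi Almond, Almond+, and Almond 2015 devices. The device provides users with the ability to change the administrator password for the web management interface. The device does not appear to implement any cross-site request forgery protection mechanism, which allows an attacker to trick a user who is logged in to the web management interface into changing the user's password. In addition, this is a systemic issue.
CVSS Information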
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
N/A
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of changing the administrative password for the web management interface. It seems that the device does not implement any cross-site request forgery protection mechanism, which allows an attacker to trick a user who is logged in to the web management interface into changing a user's password. Also, this is a systemic issue.
CVSS Information
N/A
Vulnerability Type
N/A
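Vulnerability Title
Securifi Almond Cross-Site Request Forgery Vulnerability
Vulnerability Description
Securifi Almond is a wireless router with a touchscreen. A server-side request forgery vulnerability exists in Securifi Almond, Almond+, and Almond 2015 devices running firmware version AL-R096. A remote attacker can exploit this vulnerability to trick a user into changing the user password.
CVSS Information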
N/A
Vulnerability Type
Cross-Site Request Forgery