← back
CVE-2012-1922

CVE-2012-1922

EPSS 1.4%
Multiple cross-site request forgery (CSRF) vulnerabilities in Sitecom WLM-2501 allow remote attackers to hijack the authentication of administrators for requests that modify settings for (1) Mac Filtering via admin/formFilter, (2) IP/Port Filtering via formFilter, (3) Port Forwarding via formPortFw, (4) Wireless Access Control via admin/formWlAc, (5) Wi-Fi Protected Setup via formWsc, (6) URL Blocking Filter via formURL, (7) Domain Blocking Filter via formDOMAINBLK, and (8) IP Address ACL Filter via admin/formACL in goform/, different vectors than CVE-2012-1921.
Affected products
n/a · n/a
public PoCs found2
exploitdbwww.exploit-db.com/exploits/18651unverifiedexploitdbwww.exploit-db.com/exploits/18597unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://www.webapp-security.com/2012/03/sitecom-wlm-2501-multiple-csrf-vulnerabilitieshttp://www.webapp-security.com/wp-content/uploads/2012/03/Sitecom-WLM-2501-new-Multiple-CSRF-Vulnerabilities-1.txt