CVE-2018-12456

Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device, editing access control lists, or activating remote access.

Published : 2018-10-10 21:29 Updated : 2018-11-28 18:08

6.8
CVSS Score More info
Score 6.8 / 10
6.8
Vendor Product Version URI
Intelbras Nplug Firmware 1.0.0.14 cpe:/o:intelbras:nplug_firmware:1.0.0.14
  1. Intelbras (1) Search CVE
    1. Nplug Firmware (1) Search CVE
      1. 1.0.0.14

CWE

ID Name Description Links
CWE-352 Cross-Site Request Forgery (CSRF) The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. CVE

Reference

History of changes

Date Event
2018-11-28 18:08
2018-10-10 21:29

New CVE