A remote attacker can conduct a cross-site request forgery (CSRF) attack on OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028. The vulnerability is due to insufficient CSRF protections for the "mgm_config_file.asp" because of which attacker can create a crafted "csrf form" which sends " malicious xml data" to "/boaform/admin/formMgmConfigUpload". the exploit allows attacker to "gain full privileges" and to "fully compromise of router & network".
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/huzaifahussain98/CVE-2020-23585 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2022-11-23T00:00:00
Updated: 2024-08-04T14:58:15.192Z
Reserved: 2020-08-13T00:00:00
Link: CVE-2020-23585
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-11-23T01:15:09.707
Modified: 2022-11-23T20:11:00.470
Link: CVE-2020-23585
Redhat
No data.