A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering or another attack vector. Due to this issue, an unauthenticated attacker can change the newSSID and hostapd_wpa_passphrase.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/xtr4nge/FruityWifi/issues/277 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-10-23T18:17:12
Updated: 2024-08-04T15:19:09.341Z
Reserved: 2020-08-28T00:00:00
Link: CVE-2020-24847
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-10-23T19:15:12.363
Modified: 2020-10-27T19:28:48.333
Link: CVE-2020-24847
Redhat
No data.