CVE-2008-6823
published 2009-06-04CVE-2008-6823: Multiple cross-site request forgery (CSRF) vulnerabilities in the management interface on the A-LINK WL54AP3 and WL54AP2 access points before firmware…
PriorityP334medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
1.54%
71.8th percentile
Multiple cross-site request forgery (CSRF) vulnerabilities in the management interface on the A-LINK WL54AP3 and WL54AP2 access points before firmware 1.4.2-eng1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify the network configuration via certain parameters to goform/formWanTcpipSetup or (2) modify credentials via certain parameters to goform/formPasswordSetup.
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| a-link | wl54ap2 | <= 1.4.1 | — |
| a-link | wl54ap2 | — | — |
| a-link | wl54ap2 | — | — |
| a-link | wl54ap2 | — | — |
| a-link | wl54ap2 | — | — |
| a-link | wl54ap2 | — | — |
| a-link | wl54ap2 | — | — |
| a-link | wl54ap2 | — | — |
| a-link | wl54ap2 | — | — |
| a-link | wl54ap2 | — | — |
| a-link | wl54ap2 | — | — |
| a-link | wl54ap2 | — | — |
| a-link | wl54ap3 | <= 1.4.1 | — |
| a-link | wl54ap3 | — | — |
| a-link | wl54ap3 | — | — |
| a-link | wl54ap3 | — | — |
| a-link | wl54ap3 | — | — |
| a-link | wl54ap3 | — | — |
| a-link | wl54ap3 | — | — |
| a-link | wl54ap3 | — | — |
| a-link | wl54ap3 | — | — |
| a-link | wl54ap3 | — | — |
| a-link | wl54ap3 | — | — |
| a-link | wl54ap3 | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Trendmicro
Exploit Kit
blogs_trendmicro·2018-12-11
Exploit Kit
Cyber Threats
## Exploit Kit "Novidade" Found Targeting Home Routers
Analysis of the Novidade exploit kit that targets routers by changing their DNS settings via cross-site request forgery, enabling attacks on a victim’s mobile device or desktop through web applications in which they’re authenticated with.
By: Joseph C Chen 2018/12/11 Read time: ( words)
Save to Folio
We identified a new exploit kit we named Novidade that targets home or small office routers by changing their Domain Name System (DNS) settings via cross-site request forgery (CSRF), enabling attacks on a victim’s mobile device or desktop through web applications in which they’re authenticated with. Once the DNS setting is changed to that of a malicious server, the attacker can execute a pharming attack, redirecting the
Trendmicro
Exploit Kit
blogs_trendmicro·2018-12-11
Exploit Kit
Ciberamenazas
## Exploit Kit "Novidade" Found Targeting Home Routers
Analysis of the Novidade exploit kit that targets routers by changing their DNS settings via cross-site request forgery, enabling attacks on a victim’s mobile device or desktop through web applications in which they’re authenticated with.
By: Joseph C Chen Dec 11, 2018 Read time: ( words)
Save to Folio
We identified a new exploit kit we named Novidade that targets home or small office routers by changing their Domain Name System (DNS) settings via cross-site request forgery (CSRF), enabling attacks on a victim’s mobile device or desktop through web applications in which they’re authenticated with. Once the DNS setting is changed to that of a malicious server, the attacker can execute a pharming attack, redirecting th
Trendmicro
Exploit Kit
blogs_trendmicro·2018-12-11
Exploit Kit
Cyber Threats
## Exploit Kit "Novidade" Found Targeting Home Routers
Analysis of the Novidade exploit kit that targets routers by changing their DNS settings via cross-site request forgery, enabling attacks on a victim’s mobile device or desktop through web applications in which they’re authenticated with.
By: Joseph C Chen Dec 11, 2018 Read time: ( words)
Save to Folio
We identified a new exploit kit we named Novidade that targets home or small office routers by changing their Domain Name System (DNS) settings via cross-site request forgery (CSRF), enabling attacks on a victim’s mobile device or desktop through web applications in which they’re authenticated with. Once the DNS setting is changed to that of a malicious server, the attacker can execute a pharming attack, redirecting th
Trendmicro
Exploit Kit
blogs_trendmicro·2018-12-11
Exploit Kit
Cyber Threats
# Exploit Kit "Novidade" Found Targeting Home Routers
Analysis of the Novidade exploit kit that targets routers by changing their DNS settings via cross-site request forgery, enabling attacks on a victim’s mobile device or desktop through web applications in which they’re authenticated with.
By: Joseph C Chen
2018/12/11
Read time: ( words)
Save to Folio
We identified a new exploit kit we named Novidade that targets home or small office routers by changing their Domain Name System (DNS) settings via cross-site request forgery (CSRF), enabling attacks on a victim’s mobile device or desktop through web applications in which they’re authenticated with. Once the DNS setting is changed to that of a malicious server, the attacker can execute a pharming attack, redirecting the
Trendmicro
Exploit Kit
blogs_trendmicro·2018-12-11
Exploit Kit
Cyberbedrohungen
## Exploit Kit "Novidade" Found Targeting Home Routers
Analysis of the Novidade exploit kit that targets routers by changing their DNS settings via cross-site request forgery, enabling attacks on a victim’s mobile device or desktop through web applications in which they’re authenticated with.
By: Joseph C Chen Dec 11, 2018 Read time: ( words)
Save to Folio
We identified a new exploit kit we named Novidade that targets home or small office routers by changing their Domain Name System (DNS) settings via cross-site request forgery (CSRF), enabling attacks on a victim’s mobile device or desktop through web applications in which they’re authenticated with. Once the DNS setting is changed to that of a malicious server, the attacker can execute a pharming attack, redirecting
http://osvdb.org/49466http://secunia.com/advisories/32421http://www.a-link.com/WL54AP3.htmlhttp://www.louhinetworks.fi/advisory/alink_081028.txthttp://www.osvdb.org/49465http://www.securityfocus.com/archive/1/497997/100/0/threadedhttp://www.securityfocus.com/bid/32008https://exchange.xforce.ibmcloud.com/vulnerabilities/46255https://exchange.xforce.ibmcloud.com/vulnerabilities/46256https://www.exploit-db.com/exploits/6899http://osvdb.org/49466http://secunia.com/advisories/32421http://www.a-link.com/WL54AP3.htmlhttp://www.louhinetworks.fi/advisory/alink_081028.txthttp://www.osvdb.org/49465http://www.securityfocus.com/archive/1/497997/100/0/threadedhttp://www.securityfocus.com/bid/32008https://exchange.xforce.ibmcloud.com/vulnerabilities/46255https://exchange.xforce.ibmcloud.com/vulnerabilities/46256https://www.exploit-db.com/exploits/6899
2009-06-04
Published