CVE-2012-1921
published 2012-08-26
CVE-2012-1921: Cross-site request forgery (CSRF) vulnerability in goform/admin/formWlEncrypt in Sitecom WLM-2501 allows remote attackers to hijack the authentication of…
Priority P430 · medium · 6.8 CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 0.96% (57.0th percentile)
Cross-site request forgery (CSRF) vulnerability in goform/admin/formWlEncrypt in Sitecom WLM-2501 allows remote attackers to hijack the authentication of administrators for requests that change the router passphrase via the pskValue parameter.
GHSA
GHSA-f77h-vw5c-68v8 · CVE-2012-1922 [MEDIUM] CWE-352
ghsa_unreviewed · 2022-05-17 · CVSS 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in Sitecom WLM-2501 allow remote attackers to hijack the authentication of administrators for requests that modify settings for (1) Mac Filtering via admin/formFilter, (2) IP/Port Filtering via formFilter, (3) Port Forwarding via formPortFw, (4) Wireless Access Control via admin/formWlAc, (5) Wi-Fi Protected Setup via formWsc, (6) URL Blocking Filter via formURL, (7) Domain Blocking Filter via formDOMAINBLK, and (8) IP Address ACL Filter via admin/formACL in goform/, different vectors than CVE-2012-1921.
GHSA
GHSA-qp27-9vjr-p3c5 · CVE-2012-1921 [MEDIUM] CWE-352
ghsa_unreviewed · 2022-05-17
Cross-site request forgery (CSRF) vulnerability in goform/admin/formWlEncrypt in Sitecom WLM-2501 allows remote attackers to hijack the authentication of administrators for requests that change the router passphrase via the pskValue parameter.
No detection rules found.
Exploit-DB
Sitecom WLM-2501 - Multiple Cross-Site Request Forgery Vulnerabilities (CVE-2012-1922)
exploitdb · 2012-03-23
---
+--------------------------------------------------------------------------------------------------------------------------------+
# Exploit Title : Sitecom WLM-2501 new Multiple CSRF Vulnerabilities
# Date : 22-03-2012
# Author : Ivano Binetti (http://www.ivanobinetti.com)
# Vendor site : http://www.sitecom.com/wireless-modem-router-300n/p/859
# Version : WLM-2501
# Tested on : WLM-2501 (All Sitecom WL series might be affected by these vulnerabilities)
# Original Advisory: http://www.webapp-security.com/?p=75
+--------------------------------------------------------------------------------------------------------------------------------+
1)Introduction
2)Vulnerability Description
3)Exploit
3.1 Disable Mac Filt
Exploit-DB
Sitecom WLM-2501 - Cross-Site Request Forgery (CVE-2012-1922)
exploitdb · 2012-03-14
---
+--------------------------------------------------------------------------------------------------------------------------------+
# Exploit Title : Sitecom WLM-2501 Change Wireless Passphrase
# Date : 13-03-2012
# Author : Ivano Binetti (http://www.ivanobinetti.com)
# Vendor site : http://www.sitecom.com/wireless-modem-router-300n/p/859
# Version : WLM-2501
# Tested on : WLM-2501 (All Sitecom WL series might be affected by these vulnerabilities)
# Original Advisory: http://ivanobinetti.blogspot.com/2012/03/sitecom-wlm-2501-change-wireless.html
+--------------------------------------------------------------------------------------------------------------------------------+
1)Introduction
2)Vulnerability Description
3)Exploit
+--------
No writeups or analysis indexed.
References:
http://ivanobinetti.blogspot.com/2012/03/sitecom-wlm-2501-change-wireless.html
http://packetstormsecurity.org/files/110770/Sitecom-WLM-2501-Cross-Site-Request-Forgery.html
Published: 2012-08-26