CVE-2018-14711

CWE-352Cross-Site Request Forgery (CSRF)3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 66.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Asus Rt-ac3200 Firmware
Timeline
PublishedMay 13
Latest updateMay 24

Description

Missing cross-site request forgery protection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to cause state-changing actions with specially crafted URLs.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

NVDasus/rt-ac3200_firmware3.0.0.4.382.50010

🔴Vulnerability Details

2
GHSA
GHSA-mmf2-45w8-23q8: Missing cross-site request forgery protection in appGet2022-05-24
CVEList
CVE-2018-14711: Missing cross-site request forgery protection in appGet2019-05-13
CVE-2018-14711 (MEDIUM CVSS 6.5) | Missing cross-site request forgery | cvebase.io