Sitecom WLM-2501 Multiple Cross Site Request Forgery Vulnerabilities

Bugtraq ID:	52700
Class:	Design Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 22 2012 12:00AM
Updated:	Mar 22 2012 12:00AM
Credit:	Ivano Binetti
Vulnerable:	Sitecom WLM-2501 0
Not Vulnerable:

Sitecom WLM-2501 Multiple Cross Site Request Forgery Vulnerabilities

Sitecom WLM-2501 is prone to multiple cross-site request-forgery vulnerabilities because the device fails to properly validate HTTP requests.

Attackers can exploit these issues to gain unauthorized access to the affected device and perform certain administrative actions.

Sitecom WLM-2501 Multiple Cross Site Request Forgery Vulnerabilities

An attacker can exploit these issues by enticing an unsuspecting user to follow a malicious URI.

The following example requests are available:

• /data/vulnerabilities/exploits/52700.txt

Sitecom WLM-2501 Multiple Cross Site Request Forgery Vulnerabilities

Solution:
Vendor updates are available. Please contact the vendor for more information.

Sitecom WLM-2501 Multiple Cross Site Request Forgery Vulnerabilities

References:

• Sitecom WLM-2501 new Multiple CSRF Vulnerabilities (Ivano Binetti)
  
• WLM-2501 Homepage (Sitecom)