Vulnerability CVE-2017-16886


Published: 2018-01-12

Description:
The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services via CSRF can result in an unauthorized change of username or password of the administrator of the portal.

Type:

CWE-352

(Cross-Site Request Forgery (CSRF))

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Fiberhome -> Lm53q1 firmware 

 References:
http://seclists.org/fulldisclosure/2018/Jan/28
https://www.exploit-db.com/exploits/43460/

Copyright 2024, cxsecurity.com

 

Back to Top