Cross-site request forgery in 4G LTE Light Industrial M2M Router - CVE-2018-14783
Published: August 10, 2018
Vulnerability identifier: #VU14305
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-14783
CWE-ID: CWE-352
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: NetComm Wireless
Affected software:
4G LTE Light Industrial M2M Router
4G LTE Light Industrial M2M Router
Detailed vulnerability description
The vulnerability allows a remote unauthenticated attacker to perform CSRF attack.
The weakness exists in due to insufficient CSRF protections. A remote attacker can create a specially crafted HTML page or URL, trick the victim into visiting it, gain access to the system and change passwords of the device.
The weakness exists in due to insufficient CSRF protections. A remote attacker can create a specially crafted HTML page or URL, trick the victim into visiting it, gain access to the system and change passwords of the device.
How to mitigate CVE-2018-14783
Install update from vendor's website.