Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in Beetel 450TC2 Router with firmware TX6-0Q-005_retail allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the uiViewTools_Password and uiViewTools_PasswordConfirm parameters to Forms/tools_admin_1.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Beetel | 450Tc2 Router Firmware | tx6-0q-005_retail |
| Beetel | 450Tc2 Router | - |
Related Weaknesses (CWE)
References
- http://osvdb.org/show/osvdb/106468
- http://packetstormsecurity.com/files/126426/Beetel-450TC2-Cross-Site-Request-ForExploit
- http://secunia.com/advisories/58365Vendor Advisory
- http://www.exploit-db.com/exploits/33129Exploit
- http://osvdb.org/show/osvdb/106468
- http://packetstormsecurity.com/files/126426/Beetel-450TC2-Cross-Site-Request-ForExploit
- http://secunia.com/advisories/58365Vendor Advisory
- http://www.exploit-db.com/exploits/33129Exploit
FAQ
What is CVE-2014-3792?
CVE-2014-3792 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Cross-site request forgery (CSRF) vulnerability in Beetel 450TC2 Router with firmware TX6-0Q-005_retail allows remote attackers to hijack the authentication of administrators for requests that change ...
How severe is CVE-2014-3792?
CVE-2014-3792 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3792?
Check the references section above for vendor advisories and patch information. Affected products include: Beetel 450Tc2 Router Firmware, Beetel 450Tc2 Router.