Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for requests that reboot the device via a request to goform/SysToolReboot.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tenda | A32 Firmware | 5.07.53_cn |
| Tenda | A32 | - |
Related Weaknesses (CWE)
References
- http://osvdb.org/show/osvdb/113308
- http://packetstormsecurity.com/files/128671/Tenda-A32-Cross-Site-Request-Forgery
- http://www.exploit-db.com/exploits/34969Exploit
- http://osvdb.org/show/osvdb/113308
- http://packetstormsecurity.com/files/128671/Tenda-A32-Cross-Site-Request-Forgery
- http://www.exploit-db.com/exploits/34969Exploit
FAQ
What is CVE-2014-7281?
CVE-2014-7281 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for reques...
How severe is CVE-2014-7281?
CVE-2014-7281 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-7281?
Check the references section above for vendor advisories and patch information. Affected products include: Tenda A32 Firmware, Tenda A32.