ID
VAR-E-201005-0284
TITLE
U.S.Robotics USR5463 Firmware '/cgi-bin/setup_ddns.exe' Cross-Site Request Forgery Vulnerability
Trust: 0.3
DESCRIPTION
U.S.Robotics USR5463 firmware is prone to a cross-site request-forgery vulnerability.
Successful exploits may allow attackers to perform unauthorized actions on the affected device in the context of a logged-in user. This may allow attackers to gain access to or modify sensitive information and perform HTML-injection attacks.
U.S.Robotics USR5463 firmware versions 0.01 through 0.06 are vulnerable.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | u s robotics | model: | usr5463 | scope: | eq | version: | 0.06 | Trust: 0.3 |
| vendor: | u s robotics | model: | usr5463 | scope: | eq | version: | 0.05 | Trust: 0.3 |
| vendor: | u s robotics | model: | usr5463 | scope: | eq | version: | 0.04 | Trust: 0.3 |
| vendor: | u s robotics | model: | usr5463 | scope: | eq | version: | 0.03 | Trust: 0.3 |
| vendor: | u s robotics | model: | usr5463 | scope: | eq | version: | 0.02 | Trust: 0.3 |
| vendor: | u s robotics | model: | usr5463 | scope: | eq | version: | 0.01 | Trust: 0.3 |
EXPLOIT
To exploit this issue, an attacker must entice an unsuspecting victim into visiting a malicious webpage.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Design Error
Trust: 0.3
CREDITS
David K.
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 40348 | Trust: 0.3 |
REFERENCES
| url: | http://www.usr-emea.com/support/s-prod-template.asp?loc=emea&prod=5463 | Trust: 0.3 |
SOURCES
| db: | BID | id: | 40348 |
LAST UPDATE DATE
2022-07-27T09:59:21.720000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 40348 | date: | 2010-05-25T18:32:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 40348 | date: | 2010-05-25T00:00:00 |